python security update

2020-10-20T18:49:16
ID CESA-2020:3887
Type centos
Reporter CentOS Project
Modified 2020-10-20T18:49:16

Description

CentOS Errata and Security Advisory CESA-2020:3887

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.

Security Fix(es):

  • python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images (CVE-2020-5313)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-cr-announce/2020-October/012813.html

Affected packages: python-pillow python-pillow-devel python-pillow-doc python-pillow-qt python-pillow-sane python-pillow-tk

Upstream details at: