[Important] [Security] Vulnerability Fixes in urllib3, PyYAML, and Pillow (CVE-2018-20060, CVE-2020-1747, CVE-2020-14343, CVE-2023-50447, and CVE-2023-44271) for VzLinux 7.9

🗓️ 25 Sep 2025 00:00:00Reported by VirtuozzoType

virtuozzo

virtuozzo🔗 docs.virtuozzo.com👁 41 Views

Vulnerability fixes for urllib3, PyYAML, and Pillow on VzLinux 7.9 covering multiple CVEs.

Reporter	Title	Published	Views	Family All 563
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Pillow denial of service, vulnerability (CVE-2023-44271)	5 Feb 202419:59	–	ibm
IBM Security Bulletins	Security Bulletin: Critical Vulnerabilities in libraries used by libraries that IBM Spectrum discover is using (libraries of libraries)	28 Mar 202216:33	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities	6 Jul 202318:48	–	ibm
IBM Security Bulletins	Security Bulletin: Pillow-9.3.0-cp37-cp37m-manylinux_2_28_x86_64.whl is vulnerable to CVE-2023-44271 used in IBM Maximo Application Suite - Edge Data Collector	5 Mar 202409:11	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 23.0.2-IF001	19 Feb 202416:38	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in PyYAML affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2020-14343]	11 Mar 202412:51	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	27 Jan 202100:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Network Automation 2.6.4 fixes multiple security vulnerabilities	15 Dec 202314:31	–	ibm
IBM Security Bulletins	Security Bulletin: Pillow versions have a Denial of Service vulnerability due to uncontrolled memory allocation in ImageFont's	14 Aug 202409:50	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.	18 Aug 202504:31	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
VzLinux	7.9	x86_64	pyyaml	5.4.1-1.vl7	PyYAML-5.4.1-1.vl7.x86_64.rpm
VzLinux	7.9	x86_64	python-pillow	2.0.0-25.gitd1c6db8.vl7	python-pillow-2.0.0-25.gitd1c6db8.vl7.x86_64.rpm
VzLinux	7.9	x86_64	python-pillow-devel	2.0.0-25.gitd1c6db8.vl7	python-pillow-devel-2.0.0-25.gitd1c6db8.vl7.x86_64.rpm
VzLinux	7.9	x86_64	python-pillow-qt	2.0.0-25.gitd1c6db8.vl7	python-pillow-qt-2.0.0-25.gitd1c6db8.vl7.x86_64.rpm
VzLinux	7.9	x86_64	python-pillow-sane	2.0.0-25.gitd1c6db8.vl7	python-pillow-sane-2.0.0-25.gitd1c6db8.vl7.x86_64.rpm
VzLinux	7.9	x86_64	python-pillow-tk	2.0.0-25.gitd1c6db8.vl7	python-pillow-tk-2.0.0-25.gitd1c6db8.vl7.x86_64.rpm
VzLinux	7.9	noarch	python-urllib3	1.24.3-8.vl7	python-urllib3-1.24.3-8.vl7.noarch.rpm
VzLinux	7.9	x86_64	python3-pyyaml	5.4.1-1.vl7	python3-PyYAML-5.4.1-1.vl7.x86_64.rpm
VzLinux	7.9	noarch	python3-urllib3	1.24.3-8.vl7	python3-urllib3-1.24.3-8.vl7.noarch.rpm

Source	Link
access	www.access.redhat.com/security/cve/cve-2018-20060
access	www.access.redhat.com/security/cve/cve-2020-1747
access	www.access.redhat.com/security/cve/cve-2020-14343
access	www.access.redhat.com/security/cve/cve-2023-50447
access	www.access.redhat.com/security/cve/cve-2023-44271

25 Sep 2025 00:00Current

8.1High risk

Vulners AI Score8.1

CVSS 210

CVSS 39.8

CVSS 3.19.8

EPSS0.05984

urllib3 PyYAML Pillow VzLinux 7.9 CVE-2018-20060 CVE-2020-1747 CVE-2020-14343 CVE-2023-50447 CVE-2023-44271