The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Python Pillow: denial of service via Image Files

Synthesis of the vulnerability 

An attacker can trigger a fatal error via Image Files of Python Pillow, in order to trigger a denial of service.
Vulnerable software: Debian, Fedora, Solaris, RHEL, Ubuntu.
Severity of this announcement: 2/4.
Creation date: 02/12/2019.
References of this computer vulnerability: CVE-2019-16865, DSA-4631-1, FEDORA-2019-19a161d540, FEDORA-2019-e7c83bdf19, RHSA-2020:0566-01, RHSA-2020:0578-01, RHSA-2020:0580-01, USN-4272-1, VIGILANCE-VUL-31027.

Description of the vulnerability 

An attacker can trigger a fatal error via Image Files of Python Pillow, in order to trigger a denial of service.

This security note impacts software or systems such as Debian, Fedora, Solaris, RHEL, Ubuntu.

Our Vigil@nce team determined that the severity of this threat announcement is medium.

The trust level is "confirmed by the editor", with an origin of "document".

An attacker with expert ability can exploit this computer weakness.

Solutions for this threat 

Debian 9/10: new pillow packages.
New packages are available:
  Debian 9: pillow 4.0.0-4+deb9u1
  Debian 10: pillow 5.4.1-2+deb10u1

Fedora: new python-pillow packages.
New packages are available:
  Fedora 30: python-pillow 5.4.1-3.fc30
  Fedora 31: python-pillow 6.1.0-4.fc31

Oracle Solaris: patch for third party software of January 2020 v3.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

RHEL 7.7: new python-pillow packages.
New packages are available:
  RHEL 7.7: python-pillow 2.0.0-20.gitd1c6db8.el7_7

RHEL 8.0: new python-pillow packages.
New packages are available:
  RHEL 8.0: python-pillow 5.1.1-10.el8_0

RHEL 8.1: new python-pillow packages.
New packages are available:
  RHEL 8.1: python-pillow 5.1.1-10.el8_1

Ubuntu: new python-pil packages.
New packages are available:
  Ubuntu 19.10: python-pil 6.1.0-1ubuntu0.2, python3-pil 6.1.0-1ubuntu0.2
  Ubuntu 18.04 LTS: python-pil 5.1.0-1ubuntu0.2, python3-pil 5.1.0-1ubuntu0.2
  Ubuntu 16.04 LTS: python-pil 3.1.2-0ubuntu1.3, python3-pil 3.1.2-0ubuntu1.3
  Ubuntu 14.04 ESM: python-pil 2.3.0-1ubuntu3.4+esm1, python3-pil 2.3.0-1ubuntu3.4+esm1
