important: memcached/python-pillow security update
An update for memcached/python-pillow is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
memcached:
python-pillow:
Security Fix(es):
memcached: A buffer overflow flaw was found in Memcached when processing multiget requests in proxy mode. This issue occurs when there are many spaces after the "get" substring. (CVE-2023-46852)
memcached: An off-by-one error was found in Memcached. This issue occurs when processing proxy requests in proxy mode if \n is used as the line terminator instead of \r\n. (CVE-2023-46853)
memcached: bugfix
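Both memcached issues above concern the parsing of a "get" request line in proxy mode: a long run of spaces after the verb, and a line ended by a bare \n rather than \r\n. The following is an added example, not memcached's own code, of a request-line tokenizer that handles both inputs while staying within fixed-size key slots and a fixed key array; the slot count, the key length limit and the request strings are constructed for illustration.

```c
/* Added example (not memcached's code): a bounded tokenizer for a
 * "get <key> <key> ...\r\n" request line. It tolerates runs of spaces
 * after "get" and accepts a bare '\n' terminator as well as "\r\n",
 * while never writing past a key slot or past the key array. */
#include <stdio.h>
#include <string.h>

#define MAX_KEYS     8     /* assumed fixed key array, like a proxy's per-request slots */
#define MAX_KEY_LEN  250   /* assumed key length limit for this example */

struct multiget {
    int  nkeys;
    char keys[MAX_KEYS][MAX_KEY_LEN + 1];
};

/* Returns the number of keys parsed (>= 0), or -1 for a malformed or
 * oversized request. `line` is the raw request line and `len` its length
 * in bytes; it need not be NUL-terminated, as socket data is not. */
int parse_multiget(const char *line, size_t len, struct multiget *out)
{
    size_t i;
    out->nkeys = 0;

    /* Strip the terminator: accept "\r\n" or a bare "\n". */
    if (len > 0 && line[len - 1] == '\n') {
        len--;
        if (len > 0 && line[len - 1] == '\r')
            len--;
    } else {
        return -1;                      /* unterminated line */
    }

    /* The verb must be "get" followed by at least one space. */
    if (len < 4 || memcmp(line, "get ", 4) != 0)
        return -1;
    i = 4;

    while (i < len) {
        /* Skip any run of spaces, however long; the index, not a
         * pointer into a fixed buffer, tracks the position. */
        while (i < len && line[i] == ' ')
            i++;
        if (i >= len)
            break;

        size_t start = i;
        while (i < len && line[i] != ' ')
            i++;
        size_t klen = i - start;

        if (klen > MAX_KEY_LEN)         /* key would not fit its slot */
            return -1;
        if (out->nkeys >= MAX_KEYS)     /* array full: refuse rather than overrun */
            return -1;

        memcpy(out->keys[out->nkeys], line + start, klen);
        out->keys[out->nkeys][klen] = '\0';
        out->nkeys++;
    }
    return out->nkeys;
}

int main(void)
{
    struct multiget mg;
    /* Constructed sample: many spaces after "get" and a bare LF terminator. */
    const char *req = "get      alpha beta\n";
    int n = parse_multiget(req, strlen(req), &mg);
    printf("parsed %d keys\n", n);
    for (int k = 0; k < n; k++)
        printf("  %s\n", mg.keys[k]);
    return 0;
}
```

The two checks that matter are the explicit length comparison before each memcpy and the array-full test before advancing nkeys; every other position in the line is tracked by an index bounded by len, so neither extra whitespace nor a missing \r can move a write outside the structure.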
python-pillow: A flaw was found in Pillow. The cms_transform_new function in src/_imagingcms.c does not validate the length of its parameters before copying them into fixed-size buffers, leading to a buffer overflow and resulting in a denial of service. (CVE-2024-28219)
python-pillow: A vulnerability was found in Pillow, a popular Python imaging library. The flaw identified in the PIL.ImageMath.eval function enables arbitrary code execution by manipulating the environment parameter. (CVE-2023-50447)
python-pillow: A flaw was found in Pillow. A denial of service issue uncontrollably allocates memory to process a given task, potentially causing a service to crash by running out of memory. This occurs with TrueType fonts in ImageFont when an ImageDraw instance operates on a very long text argument. (CVE-2023-44271)
python-pillow: bugfix
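The cms_transform_new issue (CVE-2024-28219) is the classic pattern of copying caller-supplied strings into fixed-size fields without measuring them first. The following is an added example, not Pillow's code, that places the unchecked pattern beside a checked replacement; the struct, its field names and the 8-byte field size are assumptions chosen for illustration.

```c
/* Added example (not Pillow's code): guarding the copy of caller-supplied
 * strings into fixed-size fields. The field names and sizes are assumed. */
#include <stdio.h>
#include <string.h>

#define MODE_LEN 8  /* assumed fixed field size, including the terminating NUL */

struct transform {
    char mode_in[MODE_LEN];
    char mode_out[MODE_LEN];
};

/* Length of `s` capped at `max`, so a string with no NUL inside the
 * first `max` bytes is reported as `max` without reading further. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Unchecked pattern: strcpy() trusts the caller's length, so a mode
 * string of MODE_LEN bytes or more runs past the field. Shown for
 * contrast only; main() calls it with inputs that fit. */
void set_modes_unchecked(struct transform *t, const char *in, const char *out)
{
    strcpy(t->mode_in, in);
    strcpy(t->mode_out, out);
}

/* Checked version: measure each argument with a bound, reject anything
 * that would not fit together with its terminator, and only then copy.
 * Returns 0 on success, -1 if either argument is too long. */
int set_modes_checked(struct transform *t, const char *in, const char *out)
{
    size_t lin  = bounded_len(in,  MODE_LEN);
    size_t lout = bounded_len(out, MODE_LEN);
    if (lin >= MODE_LEN || lout >= MODE_LEN)
        return -1;                        /* would overflow or lose the NUL */
    memcpy(t->mode_in,  in,  lin + 1);    /* +1 copies the terminator */
    memcpy(t->mode_out, out, lout + 1);
    return 0;
}

int main(void)
{
    struct transform t;
    set_modes_unchecked(&t, "RGB", "CMYK");          /* fits: 3 and 4 bytes */
    printf("unchecked: %s -> %s\n", t.mode_in, t.mode_out);

    /* Constructed oversized input: 16 bytes cannot fit an 8-byte field. */
    int rc = set_modes_checked(&t, "RGB", "ABCDEFGHIJKLMNOP");
    printf("checked with oversized argument: rc=%d (rejected)\n", rc);

    rc = set_modes_checked(&t, "L", "RGBA");
    printf("checked: rc=%d %s -> %s\n", rc, t.mode_in, t.mode_out);
    return 0;
}
```

The check compares against the field size rather than against the input, and it rejects a string of exactly MODE_LEN characters too, since that length leaves no room for the NUL; treating the boundary as "fits" is the off-by-one that turns a length check into a one-byte overflow.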
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.03B8.