https://bugzilla.redhat.com/show_bug.cgi?id=2052682
Bug ID: 2052682
Summary: CVE-2022-24303 python-pillow: temporary directory with
a space character allows removal of unrelated file
after im.show() and related action
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
If the path to the temporary directory on Linux or macOS contained a space,
this would break removal of the temporary image file after im.show() (and
related actions), and potentially remove an unrelated file. This been present
since PIL.
Reference:
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2052682
https://bugzilla.redhat.com/show_bug.cgi?id=2042527
Bug ID: 2042527
Summary: CVE-2022-22817 python-pillow: PIL.ImageMath.eval
allows evaluation of arbitrary expressions
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary
expressions, such as ones that use the Python exec method.
Reference:
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-bu…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2042527
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
Bug ID: 2042522
Summary: CVE-2022-22816 python-pillow: buffer over-read during
initialization of ImagePath.Path in path_getbbox() in
path.c
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during
initialization of ImagePath.Path.
References:
https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1da…https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-image…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
https://bugzilla.redhat.com/show_bug.cgi?id=2042511
Bug ID: 2042511
Summary: CVE-2022-22815 python-pillow: improperly initializes
ImagePath.Path in path_getbbox() in path.c
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes
ImagePath.Path.
References:
https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1da…https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-image…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2042511
https://bugzilla.redhat.com/show_bug.cgi?id=2176591
Bug ID: 2176591
Summary: msmtp package should provide /usr/bin/sendmail
Product: Fedora
Version: rawhide
Status: NEW
Component: msmtp
Assignee: lemenkov(a)gmail.com
Reporter: yann(a)droneaud.fr
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
gbcox(a)bzb.us, lemenkov(a)gmail.com, ndevos(a)redhat.com,
wart(a)kobold.org
Target Milestone: ---
Classification: Fedora
Description of problem:
msmtp package is not declared to provide /usr/sbin/sendmail. But installing
the package, makes msmtp the "mta" (see alternatives --display mta), and thus
provide /usr/bin/sendmail.
Some packages, see below, requires /usr/sbin/sendmail
BackupPC-0:4.4.0-9.fc38.x86_64
alpine-0:2.26-3.fc38.x86_64
arpwatch-14:3.3-14.fc39.x86_64
asterisk-voicemail-0:18.12.1-1.fc38.3.x86_64
certwatch-mod_ssl-0:1.2-12.fc38.x86_64
fail2ban-sendmail-0:1.0.2-2.fc38.noarch
fvwm-0:2.7.0-3.fc38.x86_64
hylafax+-client-0:7.0.7-1.fc39.i686
hylafax+-client-0:7.0.7-1.fc39.x86_64
mgetty-0:1.2.1-18.fc38.x86_64
quilt-0:0.67-4.fc39.noarch
redhat-lsb-core-0:4.1-60.fc38.i686
redhat-lsb-core-0:4.1-60.fc38.x86_64
spamass-milter-0:0.4.0-24.fc38.x86_64
uudeview-0:0.5.20-51.fc38.x86_64
websec-0:1.9.0-34.fc38.noarch
x509watch-0:0.6.1-14.fc38.noarch
Thus, when asking dnf to install one of the packages above, it will also
install another mta from the list below if none of them is already installed.
Likely esmtp in my experience (likely because it's the first alphabetically).
esmtp-0:1.2-21.fc38.x86_64
exim-0:4.96-8.fc38.x86_64
opensmtpd-0:6.8.0p2-11.fc38.x86_64
postfix-2:3.7.4-1.fc38.x86_64
sendmail-0:8.17.1-8.fc38.x86_64
ssmtp-0:2.64-32.fc38.x86_64
Having msmtp already installed should be enough to satisfy /usr/sbin/sendmail
requirement, and no other MTA should be installed as part of installing another
package.
Version-Release number of selected component (if applicable):
msmtp-1.8.23-1.fc38.x86_64
How reproducible:
When installing a package that requires /usr/bin/sendmail when no other MTA
is installed.
Steps to Reproduce:
1. dnf install msmtp
2. dnf install arpwatch
Actual results:
"dnf install arpwatch" installs arpwatch and esmtp
Expected results:
"dnf install arpwatch" would install only arpwatch
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2176591
https://bugzilla.redhat.com/show_bug.cgi?id=2241381
Bug ID: 2241381
Summary: [abrt] nemo:
g_type_check_instance_is_fundamentally_a():
nemo-desktop killed by SIGSEGV
Product: Fedora
Version: 38
Hardware: x86_64
Status: NEW
Whiteboard: abrt_hash:f2b1a592ca1628dbe957eba094ef4ddf8f1a4ace;VAR
IANT_ID=;
Component: nemo
Assignee: leigh123linux(a)googlemail.com
Reporter: stephen.clouse(a)noaa.gov
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
leigh123linux(a)googlemail.com, riehecky(a)fnal.gov
Target Milestone: ---
Classification: Fedora
Description of problem:
Happened right after login
Version-Release number of selected component:
nemo-5.8.4-3.fc38
Additional info:
reporter: libreport-2.17.11
runlevel: N 5
kernel: 6.5.5-200.fc38.x86_64
uid: 1000
reason: nemo-desktop killed by SIGSEGV
comment: Happened right after login
backtrace_rating: 4
crash_function: g_type_check_instance_is_fundamentally_a
type: CCpp
cmdline: nemo-desktop
executable: /usr/bin/nemo-desktop
journald_cursor:
s=5edc5d3f66574c528779020be05abfae;i=24799a;b=80b81b4af21c409099f6b9d1ce42a925;m=849259d;t=606812b901112;x=adcc4836ede7ebd3
cgroup: 0::/user.slice/user-1000.slice/session-2.scope
rootdir: /
package: nemo-5.8.4-3.fc38
Truncated backtrace:
Thread no. 1 (37 frames)
#0 g_type_check_instance_is_fundamentally_a at ../gobject/gtype.c:4166
#2 nemo_path_bar_finalize at ../src/nemo-pathbar.c:398
#5 gtk_stack_forall at ../gtk/gtkstack.c:1911
#6 gtk_container_destroy at ../gtk/gtkcontainer.c:1702
#8 signal_emit_unlocked_R.isra.0 at ../gobject/gsignal.c:3930
#11 gtk_widget_dispose at ../gtk/gtkwidget.c:12166
#14 gtk_box_forall at ../gtk/gtkbox.c:2678
#15 gtk_container_destroy at ../gtk/gtkcontainer.c:1702
#17 signal_emit_unlocked_R.isra.0 at ../gobject/gsignal.c:3930
#20 gtk_widget_dispose at ../gtk/gtkwidget.c:12166
#23 gtk_container_destroy at ../gtk/gtkcontainer.c:1702
#25 signal_emit_unlocked_R.isra.0 at ../gobject/gsignal.c:3930
#28 gtk_widget_dispose at ../gtk/gtkwidget.c:12166
#31 gtk_toolbar_forall at ../gtk/gtktoolbar.c:2551
#32 gtk_container_destroy at ../gtk/gtkcontainer.c:1702
#34 signal_emit_unlocked_R.isra.0 at ../gobject/gsignal.c:3930
#37 gtk_widget_dispose at ../gtk/gtkwidget.c:12166
#40 gtk_box_forall at ../gtk/gtkbox.c:2678
#41 gtk_container_destroy at ../gtk/gtkcontainer.c:1702
#43 signal_emit_unlocked_R.isra.0 at ../gobject/gsignal.c:3930
#46 gtk_widget_dispose at ../gtk/gtkwidget.c:12166
#49 gtk_container_remove at ../gtk/gtkcontainer.c:1911
#51 nemo_window_close_pane at ../src/nemo-window.c:1003
#52 g_list_foreach at ../glib/glist.c:1092
#53 nemo_window_destroy at ../src/nemo-window.c:845
#55 signal_emit_unlocked_R.isra.0 at ../gobject/gsignal.c:3930
#58 gtk_widget_dispose at ../gtk/gtkwidget.c:12166
#59 gtk_window_dispose at ../gtk/gtkwindow.c:3191
#60 gtk_application_window_dispose at ../gtk/gtkapplicationwindow.c:804
#63 gtk_widget_destroy at ../gtk/gtkwidget.c:4780
#64 free_info at ../src/nemo-desktop-manager.c:103
#65 g_list_foreach at ../glib/glist.c:1092
#66 close_all_windows at ../src/nemo-desktop-manager.c:275
#67 layout_changed at ../src/nemo-desktop-manager.c:361
#71 g_main_context_iterate.isra.0 at ../glib/gmain.c:4276
#72 g_main_context_iteration at ../glib/gmain.c:4343
#73 g_application_run at ../gio/gapplication.c:2573
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2241381
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…
https://bugzilla.redhat.com/show_bug.cgi?id=2241013
Bug ID: 2241013
Summary: [abrt] xapps: g_dbus_proxy_get_name(): xapp-sn-watcher
killed by SIGSEGV
Product: Fedora
Version: 38
Hardware: x86_64
Status: NEW
Whiteboard: abrt_hash:127639fd238d6c0ca7900113f2a78a3b2d509112;VAR
IANT_ID=cinnamon;
Component: xapps
Assignee: leigh123linux(a)googlemail.com
Reporter: fschaupp(a)hotmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
leigh123linux(a)googlemail.com, riehecky(a)fnal.gov
Target Milestone: ---
Classification: Fedora
Version-Release number of selected component:
xapps-2.6.1-4.fc38
Additional info:
reporter: libreport-2.17.11
type: CCpp
reason: xapp-sn-watcher killed by SIGSEGV
journald_cursor:
s=f07a1147503f4193ba767001bbf4a25d;i=54fa94;b=cd626c7dab71441bb9776a59df1d900f;m=64c70334;t=6065a193e268f;x=e08d5a5a1a221174
executable: /usr/libexec/xapps/xapp-sn-watcher
cmdline: /usr/libexec/xapps/xapp-sn-watcher
cgroup: 0::/user.slice/user-1000.slice/session-2.scope
rootdir: /
uid: 1000
kernel: 6.4.15-200.fc38.x86_64
package: xapps-2.6.1-4.fc38
runlevel: N 5
backtrace_rating: 4
crash_function: g_dbus_proxy_get_name
Truncated backtrace:
Thread no. 1 (13 frames)
#0 g_dbus_proxy_get_name at ../gio/gdbusproxy.c:2297
#1 get_all_properties_callback at ../xapp-sn-watcher/sn-item.c:748
#2 g_task_return_now at ../gio/gtask.c:1309
#3 g_task_return at ../gio/gtask.c:1378
#5 reply_cb at ../gio/gdbusproxy.c:2561
#6 g_task_return_now at ../gio/gtask.c:1309
#7 g_task_return at ../gio/gtask.c:1378
#9 g_dbus_connection_call_done at ../gio/gdbusconnection.c:5895
#10 g_task_return_now at ../gio/gtask.c:1309
#11 complete_in_idle_cb at ../gio/gtask.c:1323
#15 g_main_context_iterate.isra.0 at ../glib/gmain.c:4276
#16 g_main_context_iteration at ../glib/gmain.c:4343
#17 g_application_run at ../gio/gapplication.c:2573
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2241013
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…