Fedora Account System
Red Hat Associate
Red Hat Customer
Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service (OOM crash or severe performance degradation). If users are unable to immediately upgrade, they should only open specific image formats, excluding FITS, as a workaround.
This issue has been addressed in the following products: Red Hat Ansible Automation Platform 2.6 for RHEL 9 Red Hat Ansible Automation Platform 2.6 for RHEL 10 Via RHSA-2026:24762 https://access.redhat.com/errata/RHSA-2026:24762
This issue has been addressed in the following products: Red Hat Ansible Automation Platform 2.5 for RHEL 9 Red Hat Ansible Automation Platform 2.5 for RHEL 8 Via RHSA-2026:24761 https://access.redhat.com/errata/RHSA-2026:24761
This issue has been addressed in the following products: Red Hat Satellite 6.16 for RHEL 8 Red Hat Satellite 6.16 for RHEL 9 Via RHSA-2026:27076 https://access.redhat.com/errata/RHSA-2026:27076
This issue has been addressed in the following products: Red Hat Satellite 6.17 for RHEL 9 Via RHSA-2026:34366 https://access.redhat.com/errata/RHSA-2026:34366
This issue has been addressed in the following products: Red Hat Satellite 6.18 for RHEL 9 Via RHSA-2026:34368 https://access.redhat.com/errata/RHSA-2026:34368