RLSA-2019:3704

Published: 05 Nov 2019
Source: rocky
Severity: Moderate

Description

Moderate: numpy security update

The numpy packages provide NumPy. NumPy is an extension to the Python programming language, which adds support for large, multi-dimensional arrays and matrices, and a library of mathematical functions that operate on such arrays.

Security Fix(es):

  • numpy: crafted serialized object passed in numpy.load() in pickle python module allows arbitrary code execution (CVE-2019-6446)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
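A defensive pre-check for the issue above, as an added example that is not part of the advisory or of NumPy: it reads only the `.npy` header and reports whether the file declares an object dtype, which is the case where the array body is a pickle stream. The function names `npy_needs_pickle` and `build_npy` are hypothetical, the sample blobs are constructed, and only the standard library is used.

```python
import ast
import struct

MAGIC = b"\x93NUMPY"  # first six bytes of every .npy file


def _has_object(descr):
    """True if a header 'descr' value names the object dtype ('O')."""
    if isinstance(descr, str):
        return "O" in descr
    if isinstance(descr, list):  # structured dtype: (name, descr[, shape]) per field
        return any(not (isinstance(f, tuple) and len(f) >= 2) or _has_object(f[1])
                   for f in descr)
    return True  # unexpected descr type: fail closed


def npy_needs_pickle(data: bytes) -> bool:
    """True if loading this blob would involve unpickling, or it is not valid .npy."""
    if len(data) < 12 or not data.startswith(MAGIC):
        return True  # not .npy: a pickle-enabled loader may treat it as a raw pickle
    major = data[6]
    if major == 1:
        start, (hlen,) = 10, struct.unpack_from("<H", data, 8)
    elif major in (2, 3):
        start, (hlen,) = 12, struct.unpack_from("<I", data, 8)
    else:
        return True  # unknown format version: fail closed
    header = data[start:start + hlen]
    try:
        if len(header) != hlen:
            raise ValueError("truncated header")
        meta = ast.literal_eval(header.decode("utf-8" if major == 3 else "latin-1"))
        return _has_object(meta["descr"])
    except (ValueError, SyntaxError, KeyError, TypeError, RecursionError, MemoryError):
        return True  # malformed header: fail closed


def build_npy(descr, shape, payload=b""):
    """Constructed sample: a version 1.0 .npy blob with the given header fields."""
    header = repr({"descr": descr, "fortran_order": False, "shape": shape}).encode("latin-1")
    header += b" " * (-(len(MAGIC) + 4 + len(header) + 1) % 64) + b"\n"
    return MAGIC + b"\x01\x00" + struct.pack("<H", len(header)) + header + payload
```

Passing `allow_pickle=False` to `numpy.load` makes NumPy itself refuse object arrays; a header check like this lets an ingestion pipeline reject such files before they reach any loader.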

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section.

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
|---|---|---|---|
| python3-numpy | x86_64 | 9.el8 | python3-numpy-1.14.3-9.el8.x86_64.rpm |
| python3-numpy-f2py | x86_64 | 9.el8 | python3-numpy-f2py-1.14.3-9.el8.x86_64.rpm |

Related vulnerabilities

CVSS3: 9.8
ubuntu
almost 7 years ago

An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.

CVSS3: 8.8
redhat
almost 7 years ago

An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.

CVSS3: 9.8
nvd
almost 7 years ago

An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.

CVSS3: 9.8
debian
almost 7 years ago

An issue was discovered in NumPy before 1.16.3. It uses the pickle Pyt ...

suse-cvrf
about 6 years ago

Security update for python-numpy