SUSE-SU-2019:2462-1

Опубликовано: 25 сент. 2019

Источник: suse-cvrf

Описание

Security update for python-numpy

This update for python-numpy fixes the following issues:

Non-security issues fixed:

Updated to upstream version 1.16.1. (bsc#1149203) (jsc#SLE-8532)

Список пакетов

Container ses/6/cephcsi/cephcsi:latest

python3-numpy-1.16.1-4.8.1

Container ses/6/rook/ceph:latest

python3-numpy-1.16.1-4.8.1

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server

python3-numpy-1.16.1-4.8.1

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server

python3-numpy-1.16.1-4.8.1

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server

python3-numpy-1.16.1-4.8.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure

python3-numpy-1.16.1-4.8.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM

python3-numpy-1.16.1-4.8.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE

python3-numpy-1.16.1-4.8.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure

python3-numpy-1.16.1-4.8.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM

python3-numpy-1.16.1-4.8.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE

python3-numpy-1.16.1-4.8.1

SUSE Linux Enterprise Module for Basesystem 15

python2-numpy-1.16.1-4.8.1

python2-numpy-devel-1.16.1-4.8.1

python3-numpy-1.16.1-4.8.1

python3-numpy-devel-1.16.1-4.8.1

SUSE Linux Enterprise Module for HPC 15

python2-numpy-gnu-hpc-1.16.1-4.8.1

python2-numpy-gnu-hpc-devel-1.16.1-4.8.1

python3-numpy-gnu-hpc-1.16.1-4.8.1

python3-numpy-gnu-hpc-devel-1.16.1-4.8.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20192462-1/
Link for SUSE-SU-2019:2462-1
https://lists.suse.com/pipermail/sle-security-updates/2019-September/005966.html
E-Mail link for SUSE-SU-2019:2462-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1149203
SUSE Bug 1149203
https://www.suse.com/security/cve/CVE-2019-6446/
SUSE CVE CVE-2019-6446 page
https://bugzilla.suse.com/SLE-8532
SUSE Bug SLE-8532

Описание

** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.

Затронутые продукты

Container ses/6/cephcsi/cephcsi:latest:python3-numpy-1.16.1-4.8.1

Container ses/6/rook/ceph:latest:python3-numpy-1.16.1-4.8.1

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server:python3-numpy-1.16.1-4.8.1

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server:python3-numpy-1.16.1-4.8.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-6446.html
CVE-2019-6446
https://bugzilla.suse.com/1122208
SUSE Bug 1122208

SUSE-SU-2019:2462-1

Описание

Список пакетов

Container ses/6/cephcsi/cephcsi:latest

Container ses/6/rook/ceph:latest

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server

Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure

Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM

Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE

Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure

Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM

Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE

SUSE Linux Enterprise Module for Basesystem 15

SUSE Linux Enterprise Module for HPC 15

Ссылки

Уязвимость: CVE-2019-6446

Описание

Затронутые продукты

Ссылки