Описание
Security update for python-scipy
This update for python-scipy fixes the following issues:
- CVE-2023-25399: Fixed minor refcounting issue in Py_FindObjects (bsc#1213062).
- CVE-2023-29824: Fixed use-after-free in Py_FindObjects (bsc#1213137).
Список пакетов
openSUSE Leap 15.4
python3-scipy_1_2_0-gnu-hpc-1.2.0-150100.4.6.1
openSUSE Leap 15.5
python3-scipy_1_2_0-gnu-hpc-1.2.0-150100.4.6.1
Ссылки
- Link for SUSE-SU-2023:2970-1
- E-Mail link for SUSE-SU-2023:2970-1
- SUSE Security Ratings
- SUSE Bug 1213062
- SUSE Bug 1213137
- SUSE CVE CVE-2023-25399 page
- SUSE CVE CVE-2023-29824 page
Описание
** DISPUTED ** A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly.
Затронутые продукты
openSUSE Leap 15.4:python3-scipy_1_2_0-gnu-hpc-1.2.0-150100.4.6.1
openSUSE Leap 15.5:python3-scipy_1_2_0-gnu-hpc-1.2.0-150100.4.6.1
Ссылки
- CVE-2023-25399
- SUSE Bug 1213062
Описание
** DISPUTED ** A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue.
Затронутые продукты
openSUSE Leap 15.4:python3-scipy_1_2_0-gnu-hpc-1.2.0-150100.4.6.1
openSUSE Leap 15.5:python3-scipy_1_2_0-gnu-hpc-1.2.0-150100.4.6.1
Ссылки
- CVE-2023-29824
- SUSE Bug 1213137