Описание
Security update for python-scipy
This update for python-scipy fixes the following issues:
- CVE-2023-25399: Fixed minor refcounting issue in Py_FindObjects (bsc#1213062).
- CVE-2023-29824: Fixed use-after-free in Py_FindObjects (bsc#1213137).
Список пакетов
SUSE Linux Enterprise Module for HPC 15 SP4
python3-scipy-gnu-hpc-1.3.3-150200.5.3.1
python3-scipy_1_3_3-gnu-hpc-1.3.3-150200.5.3.1
SUSE Linux Enterprise Module for HPC 15 SP5
python3-scipy-gnu-hpc-1.3.3-150200.5.3.1
python3-scipy_1_3_3-gnu-hpc-1.3.3-150200.5.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP4
python3-scipy-1.3.3-150200.5.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP5
python3-scipy-1.3.3-150200.5.3.1
python3-scipy-gnu-hpc-1.3.3-150200.5.3.1
python3-scipy_1_3_3-gnu-hpc-1.3.3-150200.5.3.1
openSUSE Leap 15.4
python3-scipy-1.3.3-150200.5.3.1
python3-scipy-gnu-hpc-1.3.3-150200.5.3.1
python3-scipy_1_3_3-gnu-hpc-1.3.3-150200.5.3.1
openSUSE Leap 15.5
python3-scipy-1.3.3-150200.5.3.1
python3-scipy-gnu-hpc-1.3.3-150200.5.3.1
python3-scipy_1_3_3-gnu-hpc-1.3.3-150200.5.3.1
Ссылки
- Link for SUSE-SU-2023:3272-1
- E-Mail link for SUSE-SU-2023:3272-1
- SUSE Security Ratings
- SUSE Bug 1213062
- SUSE Bug 1213137
- SUSE CVE CVE-2023-25399 page
- SUSE CVE CVE-2023-29824 page
Описание
** DISPUTED ** A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly.
Затронутые продукты
SUSE Linux Enterprise Module for HPC 15 SP4:python3-scipy-gnu-hpc-1.3.3-150200.5.3.1
SUSE Linux Enterprise Module for HPC 15 SP4:python3-scipy_1_3_3-gnu-hpc-1.3.3-150200.5.3.1
SUSE Linux Enterprise Module for HPC 15 SP5:python3-scipy-gnu-hpc-1.3.3-150200.5.3.1
SUSE Linux Enterprise Module for HPC 15 SP5:python3-scipy_1_3_3-gnu-hpc-1.3.3-150200.5.3.1
Ссылки
- CVE-2023-25399
- SUSE Bug 1213062
Описание
** DISPUTED ** A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue.
Затронутые продукты
SUSE Linux Enterprise Module for HPC 15 SP4:python3-scipy-gnu-hpc-1.3.3-150200.5.3.1
SUSE Linux Enterprise Module for HPC 15 SP4:python3-scipy_1_3_3-gnu-hpc-1.3.3-150200.5.3.1
SUSE Linux Enterprise Module for HPC 15 SP5:python3-scipy-gnu-hpc-1.3.3-150200.5.3.1
SUSE Linux Enterprise Module for HPC 15 SP5:python3-scipy_1_3_3-gnu-hpc-1.3.3-150200.5.3.1
Ссылки
- CVE-2023-29824
- SUSE Bug 1213137