exploitDog

openSUSE-SU-2019:2227-1

Published: 30 Sep 2019
Source: suse-cvrf

Description

Security update for python-numpy

This update for python-numpy fixes the following issues:

Non-security issues fixed:

  • Updated to upstream version 1.16.1. (bsc#1149203) (jsc#SLE-8532)

This update was imported from the SUSE:SLE-15:Update update project.

Package list

openSUSE Leap 15.1
python2-numpy-1.16.1-lp151.5.3.1
python2-numpy-devel-1.16.1-lp151.5.3.1
python2-numpy-gnu-hpc-1.16.1-lp151.5.3.1
python2-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1
python2-numpy_1_16_1-gnu-hpc-1.16.1-lp151.5.3.1
python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp151.5.3.1
python3-numpy-1.16.1-lp151.5.3.1
python3-numpy-devel-1.16.1-lp151.5.3.1
python3-numpy-gnu-hpc-1.16.1-lp151.5.3.1
python3-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1
python3-numpy_1_16_1-gnu-hpc-1.16.1-lp151.5.3.1
python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp151.5.3.1

Description

** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.


Affected products
openSUSE Leap 15.1:python2-numpy-1.16.1-lp151.5.3.1
openSUSE Leap 15.1:python2-numpy-devel-1.16.1-lp151.5.3.1
openSUSE Leap 15.1:python2-numpy-gnu-hpc-1.16.1-lp151.5.3.1
openSUSE Leap 15.1:python2-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1

References
Vulnerability openSUSE-SU-2019:2227-1