Advisories » MGASA-2019-0322

Updated python-numpy packages fix security vulnerability

Publication date: 14 Nov 2019
Modification date: 14 Nov 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-6446

Description

Updated python-numpy packages fix security vulnerability:

An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle
Python module unsafely, which allows remote attackers to execute arbitrary
code via a crafted serialized object, as demonstrated by a numpy.load call
(CVE-2019-6446).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=24356
• https://access.redhat.com/errata/RHSA-2019:3704
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6446

SRPMS

7/core

• python-numpy-1.16.3-1.mga7