Updated python-numpy packages fix security vulnerabilities
Publication date: 21 Feb 2014Modification date: 21 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1858 , CVE-2014-1859
Description
f2py insecurely used a temporary file. A local attacker could use this flaw
to perform a symbolic link attack to modify an arbitrary file accessible to
the user running f2py (CVE-2014-1858, CVE-2014-1859).
References
- https://bugs.mageia.org/show_bug.cgi?id=12814
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778
- https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1858
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1859
SRPMS
4/core
- python-numpy-1.8.0-1.1.mga4
3/core
- python-numpy-1.6.2-2.1.mga3