CVE-2019-6446 (GCVE-0-2019-6446)
Vulnerability from cvelistv5 – Published: 2019-01-16 05:00 – Updated: 2025-07-21 22:10 Disputed- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:20.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1122208"
},
{
"name": "106670",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106670"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/numpy/numpy/issues/12759"
},
{
"name": "FEDORA-2019-1dfe95a864",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4/"
},
{
"name": "openSUSE-SU-2019:2227",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00091.html"
},
{
"name": "openSUSE-SU-2019:2225",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html"
},
{
"name": "openSUSE-SU-2019:2259",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html"
},
{
"name": "RHSA-2019:3335",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3335"
},
{
"name": "RHSA-2019:3704",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3704"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T22:10:51.613Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1122208"
},
{
"name": "106670",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/106670"
},
{
"url": "https://github.com/numpy/numpy/issues/12759"
},
{
"name": "FEDORA-2019-1dfe95a864",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4/"
},
{
"name": "openSUSE-SU-2019:2227",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00091.html"
},
{
"name": "openSUSE-SU-2019:2225",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html"
},
{
"name": "openSUSE-SU-2019:2259",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html"
},
{
"name": "RHSA-2019:3335",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3335"
},
{
"name": "RHSA-2019:3704",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3704"
},
{
"url": "https://github.com/numpy/numpy/pull/13359"
},
{
"url": "https://github.com/numpy/numpy/pull/12889"
},
{
"url": "https://github.com/numpy/numpy/commit/89b688732b37616c9d26623f81aaee1703c30ffb"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6446",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1122208",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1122208"
},
{
"name": "106670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106670"
},
{
"name": "https://github.com/numpy/numpy/issues/12759",
"refsource": "MISC",
"url": "https://github.com/numpy/numpy/issues/12759"
},
{
"name": "FEDORA-2019-1dfe95a864",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4/"
},
{
"name": "openSUSE-SU-2019:2227",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00091.html"
},
{
"name": "openSUSE-SU-2019:2225",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html"
},
{
"name": "openSUSE-SU-2019:2259",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html"
},
{
"name": "RHSA-2019:3335",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3335"
},
{
"name": "RHSA-2019:3704",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3704"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-6446",
"datePublished": "2019-01-16T05:00:00.000Z",
"dateReserved": "2019-01-15T00:00:00.000Z",
"dateUpdated": "2025-07-21T22:10:51.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-6446",
"date": "2026-05-21",
"epss": "0.71492",
"percentile": "0.98745"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:numpy:numpy:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.16.0\", \"matchCriteriaId\": \"80912416-97D8-4FF8-B2DB-D587EFC9D4BE\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}]}]}]",
"cveTags": "[{\"sourceIdentifier\": \"cve@mitre.org\", \"tags\": [\"disputed\"]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources\"}, {\"lang\": \"es\", \"value\": \"** EN DISPUTA ** Se ha descubierto un problema en NumPy, en versiones 1.16.0 y anteriores. Emplea el m\\u00f3dulo de Python pickle de forma insegura, lo que permite que los atacantes remotos ejecuten c\\u00f3digo arbitrario mediante un objeto serializado, tal y como queda demostrado con una llamada numpy.load. NOTA: hay terceros que discuten este problema, ya que es un comportamiento que podr\\u00eda tener aplicaciones leg\\u00edtimas en, por ejemplo, la carga de arrays de objetos de Python serializados de fuentes fiables y autenticadas.\"}]",
"id": "CVE-2019-6446",
"lastModified": "2024-11-21T04:46:28.137",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-01-16T05:29:01.370",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00091.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/106670\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3335\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3704\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1122208\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/numpy/numpy/issues/12759\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00091.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/106670\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3335\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3704\", 
\"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1122208\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/numpy/numpy/issues/12759\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-6446\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-01-16T05:29:01.370\",\"lastModified\":\"2025-07-21T23:15:25.020\",\"vulnStatus\":\"Modified\",\"cveTags\":[{\"sourceIdentifier\":\"cve@mitre.org\",\"tags\":[\"disputed\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.\"},{\"lang\":\"es\",\"value\":\"** EN DISPUTA ** Se ha descubierto un problema en NumPy, en versiones 1.16.0 y anteriores. Emplea el m\u00f3dulo de Python pickle de forma insegura, lo que permite que los atacantes remotos ejecuten c\u00f3digo arbitrario mediante un objeto serializado, tal y como queda demostrado con una llamada numpy.load. 
NOTA: hay terceros que discuten este problema, ya que es un comportamiento que podr\u00eda tener aplicaciones leg\u00edtimas en, por ejemplo, la carga de arrays de objetos de Python serializados de fuentes fiables y autenticadas.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:numpy:numpy:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.16.0\",\"matchCriteriaId\":\"80912416-97D8-4FF8-B2DB-D587EFC9D4BE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opens
use-security-announce/2019-09/msg00091.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/106670\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3335\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3704\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1122208\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/numpy/numpy/commit/89b688732b37616c9d26623f81aaee1703c30ffb\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/numpy/numpy/issues/12759\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/numpy/numpy/pull/12889\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/numpy/numpy/pull/13359\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00091.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/106670\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB 
Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3335\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3704\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1122208\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/numpy/numpy/issues/12759\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
alsa-2019:3335
Vulnerability from osv_almalinux
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing.
Security Fix(es):
- numpy: crafted serialized object passed in numpy.load() in pickle python module allows arbitrary code execution (CVE-2019-6446)
- python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740)
- python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947)
- python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948)
- python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236)
- python-urllib3: Certification mishandle when error should be thrown (CVE-2019-11324)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python-psycopg2-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.5-7.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-Cython"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.28.1-7.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-PyMySQL"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.8.0-10.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-attrs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17.4.0-10.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-chardet"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.4-10.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-coverage"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.5.1-4.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-dns"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.0-10.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.16-2.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-docs-info"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.16-2.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-docutils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.14-12.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-funcsigs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.2-13.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-idna"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5-7.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-ipaddress"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.18-6.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-markupsafe"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.23-19.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-mock"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0-13.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-pluggy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.0-8.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-psycopg2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.5-7.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-psycopg2-debug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.5-7.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-psycopg2-tests"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.5-7.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-py"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.3-6.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-pysocks"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.8-6.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-pytest"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.2-13.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-pytest-mock"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.0-4.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-pytz"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2017.2-12.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-pyyaml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.12-16.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3-38.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-setuptools_scm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.7-6.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing.\n\nSecurity Fix(es):\n\n* numpy: crafted serialized object passed in numpy.load() in pickle python module allows arbitrary code execution (CVE-2019-6446)\n\n* python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740)\n\n* python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947)\n\n* python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948)\n\n* python-urllib3: CRLF injection due to not encoding the \u0027\\r\\n\u0027 sequence leading to possible attack on internal service (CVE-2019-11236)\n\n* python-urllib3: Certification mishandle when error should be thrown (CVE-2019-11324)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2019:3335",
"modified": "2019-11-05T17:31:55Z",
"published": "2019-11-05T17:32:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2019-3335.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-11236"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-11324"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-6446"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-9740"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-9947"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-9948"
}
],
"related": [
"CVE-2019-6446",
"CVE-2019-9740",
"CVE-2019-9947",
"CVE-2019-9948",
"CVE-2019-11236",
"CVE-2019-11324"
],
"summary": "Moderate: python27:2.7 security and bug fix update"
}
BDU:2019-01157
Vulnerability from fstec - Published: 16.01.2019
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 1.10 \u0434\u043e 1.16.0 (NumPy)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u2018False\u2019 \u0434\u043b\u044f \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430 \u2018allow_pickle\u2019 \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u2018numpy.load\u2019, \u0435\u0441\u043b\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043d\u0435 \u0443\u0432\u0435\u0440\u0435\u043d \u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://github.com/numpy/numpy/pull/13359\nhttps://github.com/numpy/numpy/issues/12759\nhttps://github.com/numpy/numpy/commit/89b688732b37616c9d26623f81aaee1703c30ffb",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.01.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.03.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.03.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-01157",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-6446",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "NumPy",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f NumPy \u0434\u043b\u044f Python, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-502)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f NumPy \u0434\u043b\u044f Python \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u043d\u043e\u0439 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/security/cve/cve-2019-6446\nhttps://www.opennet.ru/opennews/art.shtml?num=50000\nhttps://www.cybersecurity-help.cz/vdb/SB2019012101",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0418\u0418",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-502",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}
FKIE_CVE-2019-6446
Vulnerability from fkie_nvd - Published: 2019-01-16 05:29 - Updated: 2025-07-21 23:15
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00091.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/106670 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3335 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3704 | ||
| cve@mitre.org | https://bugzilla.suse.com/show_bug.cgi?id=1122208 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://github.com/numpy/numpy/commit/89b688732b37616c9d26623f81aaee1703c30ffb | ||
| cve@mitre.org | https://github.com/numpy/numpy/issues/12759 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://github.com/numpy/numpy/pull/12889 | ||
| cve@mitre.org | https://github.com/numpy/numpy/pull/13359 | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00091.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106670 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3335 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3704 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.suse.com/show_bug.cgi?id=1122208 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/numpy/numpy/issues/12759 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4/ |
| Vendor | Product | Version | |
|---|---|---|---|
| numpy | numpy | * | |
| fedoraproject | fedora | 30 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:numpy:numpy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80912416-97D8-4FF8-B2DB-D587EFC9D4BE",
"versionEndIncluding": "1.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources."
},
{
"lang": "es",
"value": "** EN DISPUTA ** Se ha descubierto un problema en NumPy, en versiones 1.16.0 y anteriores. Emplea el m\u00f3dulo de Python pickle de forma insegura, lo que permite que los atacantes remotos ejecuten c\u00f3digo arbitrario mediante un objeto serializado, tal y como queda demostrado con una llamada numpy.load. NOTA: hay terceros que discuten este problema, ya que es un comportamiento que podr\u00eda tener aplicaciones leg\u00edtimas en, por ejemplo, la carga de arrays de objetos de Python serializados de fuentes fiables y autenticadas."
}
],
"id": "CVE-2019-6446",
"lastModified": "2025-07-21T23:15:25.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-16T05:29:01.370",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00091.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106670"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:3335"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:3704"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1122208"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/numpy/numpy/commit/89b688732b37616c9d26623f81aaee1703c30ffb"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/numpy/numpy/issues/12759"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/numpy/numpy/pull/12889"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/numpy/numpy/pull/13359"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00091.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:3335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:3704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1122208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/numpy/numpy/issues/12759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-9FQ2-X9R6-WFMF
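Vulnerability from github – Published: 2022-05-24 22:00 – Updated: 2024-10-08 12:38
** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.
[Note: records on this page disagree on the affected range. This entry and the NVD CPE configuration stop at 1.16.0, while the NVD English description ("before 1.16.3") and the GitLab advisory (fixed in 1.16.3) place the fix in 1.16.3, so 1.16.1 and 1.16.2 are better treated as affected when matching versions.]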
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "numpy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.16.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-6446"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-18T20:19:35Z",
"nvd_published_at": "2019-01-16T05:29:01Z",
"severity": "CRITICAL"
},
"details": "** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.",
"id": "GHSA-9fq2-x9r6-wfmf",
"modified": "2024-10-08T12:38:39Z",
"published": "2022-05-24T22:00:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6446"
},
{
"type": "WEB",
"url": "https://github.com/numpy/numpy/issues/12759"
},
{
"type": "WEB",
"url": "https://github.com/numpy/numpy/pull/12889"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3335"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3704"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1122208"
},
{
"type": "PACKAGE",
"url": "https://github.com/numpy/numpy"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/numpy/PYSEC-2019-108.yaml"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20210124234613/https://www.securityfocus.com/bid/106670"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00091.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Numpy Deserialization of Untrusted Data"
}
GSD-2019-6446
Vulnerability from gsd - Updated: 2023-12-13 01:23
{
"GSD": {
"alias": "CVE-2019-6446",
"description": "** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.",
"id": "GSD-2019-6446",
"references": [
"https://www.suse.com/security/cve/CVE-2019-6446.html",
"https://access.redhat.com/errata/RHSA-2019:3704",
"https://access.redhat.com/errata/RHSA-2019:3335",
"https://advisories.mageia.org/CVE-2019-6446.html",
"https://linux.oracle.com/cve/CVE-2019-6446.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-6446"
],
"details": "** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.",
"id": "GSD-2019-6446",
"modified": "2023-12-13T01:23:48.849317Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6446",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1122208",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1122208"
},
{
"name": "106670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106670"
},
{
"name": "https://github.com/numpy/numpy/issues/12759",
"refsource": "MISC",
"url": "https://github.com/numpy/numpy/issues/12759"
},
{
"name": "FEDORA-2019-1dfe95a864",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4/"
},
{
"name": "openSUSE-SU-2019:2227",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00091.html"
},
{
"name": "openSUSE-SU-2019:2225",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html"
},
{
"name": "openSUSE-SU-2019:2259",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html"
},
{
"name": "RHSA-2019:3335",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3335"
},
{
"name": "RHSA-2019:3704",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3704"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.16.3",
"affected_versions": "All versions before 1.16.3",
"credit": "nanshihui",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-502",
"CWE-937"
],
"date": "2019-09-30",
"description": "An unsafe use of the pickle Python module allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a `numpy.load` call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.",
"fixed_versions": [
"1.16.3"
],
"identifier": "CVE-2019-6446",
"identifiers": [
"CVE-2019-6446"
],
"package_slug": "pypi/numpy",
"pubdate": "2019-01-16",
"solution": "Upgrade to version 1.16.3 or above",
"title": "Arbitrary Code Execution",
"urls": [
"http://www.securityfocus.com/bid/106670",
"https://bugzilla.suse.com/show_bug.cgi?id=1122208",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6446",
"https://cwe.mitre.org/data/definitions/94.html",
"https://github.com/numpy/numpy/issues/12759"
],
"uuid": "b8804275-0868-45f4-9ab6-bfd68ad34e00"
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:numpy:numpy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80912416-97D8-4FF8-B2DB-D587EFC9D4BE",
"versionEndIncluding": "1.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources"
},
{
"lang": "es",
"value": "** EN DISPUTA ** Se ha descubierto un problema en NumPy, en versiones 1.16.0 y anteriores. Emplea el m\u00f3dulo de Python pickle de forma insegura, lo que permite que los atacantes remotos ejecuten c\u00f3digo arbitrario mediante un objeto serializado, tal y como queda demostrado con una llamada numpy.load. NOTA: hay terceros que discuten este problema, ya que es un comportamiento que podr\u00eda tener aplicaciones leg\u00edtimas en, por ejemplo, la carga de arrays de objetos de Python serializados de fuentes fiables y autenticadas."
}
],
"id": "CVE-2019-6446",
"lastModified": "2024-04-11T01:05:59.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-16T05:29:01.370",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00091.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106670"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:3335"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:3704"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1122208"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/numpy/numpy/issues/12759"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
OPENSUSE-SU-2019:0245-1
Vulnerability from csaf_opensuse - Published: 2019-03-23 11:06 - Updated: 2019-03-23 11:06
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:python2-numpy-1.14.0-lp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python2-numpy-devel-1.14.0-lp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python2-numpy-gnu-hpc-1.14.0-lp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python2-numpy-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python2-numpy_1_14_0-gnu-hpc-1.14.0-lp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python2-numpy_1_14_0-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-numpy-1.14.0-lp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-numpy-devel-1.14.0-lp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-numpy-gnu-hpc-1.14.0-lp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-numpy-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-numpy_1_14_0-gnu-hpc-1.14.0-lp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-numpy_1_14_0-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64 | — |
Vendor Fix
|
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/1122208 | self |
| https://www.suse.com/security/cve/CVE-2019-6446/ | self |
| https://www.suse.com/security/cve/CVE-2019-6446 | external |
| https://bugzilla.suse.com/1122208 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-numpy",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-numpy fixes the following issue:\n\nSecurity issue fixed:\n\n- CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208).\n With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by\n misusing numpy.load(). A warning during runtime will show-up when the allow_pickle is not explicitly set.\n \nNOTE: By applying this update the behavior of python-numpy changes, which might break your application.\nIn order to get the old behaviour back, you have to explicitly set `allow_pickle` to True. Be aware\nthat this should only be done for trusted input, as loading untrusted input might lead to arbitrary code\nexecution.\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-245",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_0245-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:0245-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/G6ZDQC6NFUWO7RGAUIZY3TLFQISBKUMX/#G6ZDQC6NFUWO7RGAUIZY3TLFQISBKUMX"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:0245-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/G6ZDQC6NFUWO7RGAUIZY3TLFQISBKUMX/#G6ZDQC6NFUWO7RGAUIZY3TLFQISBKUMX"
},
{
"category": "self",
"summary": "SUSE Bug 1122208",
"url": "https://bugzilla.suse.com/1122208"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6446 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6446/"
}
],
"title": "Security update for python-numpy",
"tracking": {
"current_release_date": "2019-03-23T11:06:55Z",
"generator": {
"date": "2019-03-23T11:06:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:0245-1",
"initial_release_date": "2019-03-23T11:06:55Z",
"revision_history": [
{
"date": "2019-03-23T11:06:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python2-numpy-1.14.0-lp150.3.3.1.x86_64",
"product": {
"name": "python2-numpy-1.14.0-lp150.3.3.1.x86_64",
"product_id": "python2-numpy-1.14.0-lp150.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python2-numpy-devel-1.14.0-lp150.3.3.1.x86_64",
"product": {
"name": "python2-numpy-devel-1.14.0-lp150.3.3.1.x86_64",
"product_id": "python2-numpy-devel-1.14.0-lp150.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python2-numpy-gnu-hpc-1.14.0-lp150.3.3.1.x86_64",
"product": {
"name": "python2-numpy-gnu-hpc-1.14.0-lp150.3.3.1.x86_64",
"product_id": "python2-numpy-gnu-hpc-1.14.0-lp150.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python2-numpy-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64",
"product": {
"name": "python2-numpy-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64",
"product_id": "python2-numpy-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python2-numpy_1_14_0-gnu-hpc-1.14.0-lp150.3.3.1.x86_64",
"product": {
"name": "python2-numpy_1_14_0-gnu-hpc-1.14.0-lp150.3.3.1.x86_64",
"product_id": "python2-numpy_1_14_0-gnu-hpc-1.14.0-lp150.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python2-numpy_1_14_0-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64",
"product": {
"name": "python2-numpy_1_14_0-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64",
"product_id": "python2-numpy_1_14_0-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-numpy-1.14.0-lp150.3.3.1.x86_64",
"product": {
"name": "python3-numpy-1.14.0-lp150.3.3.1.x86_64",
"product_id": "python3-numpy-1.14.0-lp150.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-numpy-devel-1.14.0-lp150.3.3.1.x86_64",
"product": {
"name": "python3-numpy-devel-1.14.0-lp150.3.3.1.x86_64",
"product_id": "python3-numpy-devel-1.14.0-lp150.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-numpy-gnu-hpc-1.14.0-lp150.3.3.1.x86_64",
"product": {
"name": "python3-numpy-gnu-hpc-1.14.0-lp150.3.3.1.x86_64",
"product_id": "python3-numpy-gnu-hpc-1.14.0-lp150.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-numpy-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64",
"product": {
"name": "python3-numpy-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64",
"product_id": "python3-numpy-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-numpy_1_14_0-gnu-hpc-1.14.0-lp150.3.3.1.x86_64",
"product": {
"name": "python3-numpy_1_14_0-gnu-hpc-1.14.0-lp150.3.3.1.x86_64",
"product_id": "python3-numpy_1_14_0-gnu-hpc-1.14.0-lp150.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-numpy_1_14_0-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64",
"product": {
"name": "python3-numpy_1_14_0-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64",
"product_id": "python3-numpy_1_14_0-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy-1.14.0-lp150.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python2-numpy-1.14.0-lp150.3.3.1.x86_64"
},
"product_reference": "python2-numpy-1.14.0-lp150.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy-devel-1.14.0-lp150.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python2-numpy-devel-1.14.0-lp150.3.3.1.x86_64"
},
"product_reference": "python2-numpy-devel-1.14.0-lp150.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy-gnu-hpc-1.14.0-lp150.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python2-numpy-gnu-hpc-1.14.0-lp150.3.3.1.x86_64"
},
"product_reference": "python2-numpy-gnu-hpc-1.14.0-lp150.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python2-numpy-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64"
},
"product_reference": "python2-numpy-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy_1_14_0-gnu-hpc-1.14.0-lp150.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python2-numpy_1_14_0-gnu-hpc-1.14.0-lp150.3.3.1.x86_64"
},
"product_reference": "python2-numpy_1_14_0-gnu-hpc-1.14.0-lp150.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy_1_14_0-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python2-numpy_1_14_0-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64"
},
"product_reference": "python2-numpy_1_14_0-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy-1.14.0-lp150.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python3-numpy-1.14.0-lp150.3.3.1.x86_64"
},
"product_reference": "python3-numpy-1.14.0-lp150.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy-devel-1.14.0-lp150.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python3-numpy-devel-1.14.0-lp150.3.3.1.x86_64"
},
"product_reference": "python3-numpy-devel-1.14.0-lp150.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy-gnu-hpc-1.14.0-lp150.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python3-numpy-gnu-hpc-1.14.0-lp150.3.3.1.x86_64"
},
"product_reference": "python3-numpy-gnu-hpc-1.14.0-lp150.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python3-numpy-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64"
},
"product_reference": "python3-numpy-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy_1_14_0-gnu-hpc-1.14.0-lp150.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python3-numpy_1_14_0-gnu-hpc-1.14.0-lp150.3.3.1.x86_64"
},
"product_reference": "python3-numpy_1_14_0-gnu-hpc-1.14.0-lp150.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy_1_14_0-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python3-numpy_1_14_0-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64"
},
"product_reference": "python3-numpy_1_14_0-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-6446",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6446"
}
],
"notes": [
{
"category": "general",
"text": "** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:python2-numpy-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python2-numpy-devel-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python2-numpy-gnu-hpc-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python2-numpy-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python2-numpy_1_14_0-gnu-hpc-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python2-numpy_1_14_0-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python3-numpy-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python3-numpy-devel-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python3-numpy-gnu-hpc-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python3-numpy-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python3-numpy_1_14_0-gnu-hpc-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python3-numpy_1_14_0-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6446",
"url": "https://www.suse.com/security/cve/CVE-2019-6446"
},
{
"category": "external",
"summary": "SUSE Bug 1122208 for CVE-2019-6446",
"url": "https://bugzilla.suse.com/1122208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:python2-numpy-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python2-numpy-devel-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python2-numpy-gnu-hpc-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python2-numpy-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python2-numpy_1_14_0-gnu-hpc-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python2-numpy_1_14_0-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python3-numpy-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python3-numpy-devel-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python3-numpy-gnu-hpc-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python3-numpy-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python3-numpy_1_14_0-gnu-hpc-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python3-numpy_1_14_0-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:python2-numpy-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python2-numpy-devel-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python2-numpy-gnu-hpc-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python2-numpy-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python2-numpy_1_14_0-gnu-hpc-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python2-numpy_1_14_0-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python3-numpy-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python3-numpy-devel-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python3-numpy-gnu-hpc-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python3-numpy-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python3-numpy_1_14_0-gnu-hpc-1.14.0-lp150.3.3.1.x86_64",
"openSUSE Leap 15.0:python3-numpy_1_14_0-gnu-hpc-devel-1.14.0-lp150.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:06:55Z",
"details": "important"
}
],
"title": "CVE-2019-6446"
}
]
}
OPENSUSE-SU-2019:2225-1
Vulnerability from csaf_opensuse - Published: 2019-09-30 18:21 - Updated: 2019-09-30 18:21

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:python2-numpy-1.16.1-lp150.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python2-numpy-devel-1.16.1-lp150.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python2-numpy-gnu-hpc-1.16.1-lp150.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python2-numpy-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python2-numpy_1_16_1-gnu-hpc-1.16.1-lp150.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-numpy-1.16.1-lp150.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-numpy-devel-1.16.1-lp150.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-numpy-gnu-hpc-1.16.1-lp150.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-numpy-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-numpy_1_16_1-gnu-hpc-1.16.1-lp150.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64 | — |
Vendor Fix
|
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/1149203 | self |
| https://www.suse.com/security/cve/CVE-2019-6446/ | self |
| https://www.suse.com/security/cve/CVE-2019-6446 | external |
| https://bugzilla.suse.com/1122208 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-numpy",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-numpy fixes the following issues:\n\nNon-security issues fixed:\n\n- Updated to upstream version 1.16.1. (bsc#1149203) (jsc#SLE-8532)\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2225",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2225-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2225-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RM7XSVOVXVBLLDRGYQ77QAOT6WRRDYEI/#RM7XSVOVXVBLLDRGYQ77QAOT6WRRDYEI"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2225-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RM7XSVOVXVBLLDRGYQ77QAOT6WRRDYEI/#RM7XSVOVXVBLLDRGYQ77QAOT6WRRDYEI"
},
{
"category": "self",
"summary": "SUSE Bug 1149203",
"url": "https://bugzilla.suse.com/1149203"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6446 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6446/"
}
],
"title": "Security update for python-numpy",
"tracking": {
"current_release_date": "2019-09-30T18:21:36Z",
"generator": {
"date": "2019-09-30T18:21:36Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2225-1",
"initial_release_date": "2019-09-30T18:21:36Z",
"revision_history": [
{
"date": "2019-09-30T18:21:36Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python2-numpy-1.16.1-lp150.8.1.x86_64",
"product": {
"name": "python2-numpy-1.16.1-lp150.8.1.x86_64",
"product_id": "python2-numpy-1.16.1-lp150.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "python2-numpy-devel-1.16.1-lp150.8.1.x86_64",
"product": {
"name": "python2-numpy-devel-1.16.1-lp150.8.1.x86_64",
"product_id": "python2-numpy-devel-1.16.1-lp150.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "python2-numpy-gnu-hpc-1.16.1-lp150.8.1.x86_64",
"product": {
"name": "python2-numpy-gnu-hpc-1.16.1-lp150.8.1.x86_64",
"product_id": "python2-numpy-gnu-hpc-1.16.1-lp150.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "python2-numpy-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64",
"product": {
"name": "python2-numpy-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64",
"product_id": "python2-numpy-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "python2-numpy_1_16_1-gnu-hpc-1.16.1-lp150.8.1.x86_64",
"product": {
"name": "python2-numpy_1_16_1-gnu-hpc-1.16.1-lp150.8.1.x86_64",
"product_id": "python2-numpy_1_16_1-gnu-hpc-1.16.1-lp150.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64",
"product": {
"name": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64",
"product_id": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-numpy-1.16.1-lp150.8.1.x86_64",
"product": {
"name": "python3-numpy-1.16.1-lp150.8.1.x86_64",
"product_id": "python3-numpy-1.16.1-lp150.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-numpy-devel-1.16.1-lp150.8.1.x86_64",
"product": {
"name": "python3-numpy-devel-1.16.1-lp150.8.1.x86_64",
"product_id": "python3-numpy-devel-1.16.1-lp150.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-numpy-gnu-hpc-1.16.1-lp150.8.1.x86_64",
"product": {
"name": "python3-numpy-gnu-hpc-1.16.1-lp150.8.1.x86_64",
"product_id": "python3-numpy-gnu-hpc-1.16.1-lp150.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-numpy-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64",
"product": {
"name": "python3-numpy-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64",
"product_id": "python3-numpy-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-numpy_1_16_1-gnu-hpc-1.16.1-lp150.8.1.x86_64",
"product": {
"name": "python3-numpy_1_16_1-gnu-hpc-1.16.1-lp150.8.1.x86_64",
"product_id": "python3-numpy_1_16_1-gnu-hpc-1.16.1-lp150.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64",
"product": {
"name": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64",
"product_id": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy-1.16.1-lp150.8.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python2-numpy-1.16.1-lp150.8.1.x86_64"
},
"product_reference": "python2-numpy-1.16.1-lp150.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy-devel-1.16.1-lp150.8.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python2-numpy-devel-1.16.1-lp150.8.1.x86_64"
},
"product_reference": "python2-numpy-devel-1.16.1-lp150.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy-gnu-hpc-1.16.1-lp150.8.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python2-numpy-gnu-hpc-1.16.1-lp150.8.1.x86_64"
},
"product_reference": "python2-numpy-gnu-hpc-1.16.1-lp150.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python2-numpy-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64"
},
"product_reference": "python2-numpy-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy_1_16_1-gnu-hpc-1.16.1-lp150.8.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python2-numpy_1_16_1-gnu-hpc-1.16.1-lp150.8.1.x86_64"
},
"product_reference": "python2-numpy_1_16_1-gnu-hpc-1.16.1-lp150.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64"
},
"product_reference": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy-1.16.1-lp150.8.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python3-numpy-1.16.1-lp150.8.1.x86_64"
},
"product_reference": "python3-numpy-1.16.1-lp150.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy-devel-1.16.1-lp150.8.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python3-numpy-devel-1.16.1-lp150.8.1.x86_64"
},
"product_reference": "python3-numpy-devel-1.16.1-lp150.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy-gnu-hpc-1.16.1-lp150.8.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python3-numpy-gnu-hpc-1.16.1-lp150.8.1.x86_64"
},
"product_reference": "python3-numpy-gnu-hpc-1.16.1-lp150.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python3-numpy-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64"
},
"product_reference": "python3-numpy-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy_1_16_1-gnu-hpc-1.16.1-lp150.8.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python3-numpy_1_16_1-gnu-hpc-1.16.1-lp150.8.1.x86_64"
},
"product_reference": "python3-numpy_1_16_1-gnu-hpc-1.16.1-lp150.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64"
},
"product_reference": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-6446",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6446"
}
],
"notes": [
{
"category": "general",
"text": "** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:python2-numpy-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python2-numpy-devel-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python2-numpy-gnu-hpc-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python2-numpy-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python2-numpy_1_16_1-gnu-hpc-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python3-numpy-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python3-numpy-devel-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python3-numpy-gnu-hpc-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python3-numpy-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python3-numpy_1_16_1-gnu-hpc-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6446",
"url": "https://www.suse.com/security/cve/CVE-2019-6446"
},
{
"category": "external",
"summary": "SUSE Bug 1122208 for CVE-2019-6446",
"url": "https://bugzilla.suse.com/1122208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:python2-numpy-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python2-numpy-devel-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python2-numpy-gnu-hpc-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python2-numpy-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python2-numpy_1_16_1-gnu-hpc-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python3-numpy-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python3-numpy-devel-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python3-numpy-gnu-hpc-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python3-numpy-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python3-numpy_1_16_1-gnu-hpc-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:python2-numpy-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python2-numpy-devel-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python2-numpy-gnu-hpc-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python2-numpy-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python2-numpy_1_16_1-gnu-hpc-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python3-numpy-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python3-numpy-devel-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python3-numpy-gnu-hpc-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python3-numpy-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python3-numpy_1_16_1-gnu-hpc-1.16.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp150.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-30T18:21:36Z",
"details": "important"
}
],
"title": "CVE-2019-6446"
}
]
}
OPENSUSE-SU-2019:2227-1
Vulnerability from csaf_opensuse - Published: 2019-09-30 18:21 - Updated: 2019-09-30 18:21

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:python2-numpy-1.16.1-lp151.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python2-numpy-devel-1.16.1-lp151.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python2-numpy-gnu-hpc-1.16.1-lp151.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python2-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python2-numpy_1_16_1-gnu-hpc-1.16.1-lp151.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-numpy-1.16.1-lp151.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-numpy-devel-1.16.1-lp151.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-numpy-gnu-hpc-1.16.1-lp151.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-numpy_1_16_1-gnu-hpc-1.16.1-lp151.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64 | — |
Vendor Fix
|
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/1149203 | self |
| https://www.suse.com/security/cve/CVE-2019-6446/ | self |
| https://www.suse.com/security/cve/CVE-2019-6446 | external |
| https://bugzilla.suse.com/1122208 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-numpy",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-numpy fixes the following issues:\n\nNon-security issues fixed:\n\n- Updated to upstream version 1.16.1. (bsc#1149203) (jsc#SLE-8532)\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2227",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2227-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2227-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FVRBFRTO6NBDCEJSJP6AAQZYSPEG6RMQ/#FVRBFRTO6NBDCEJSJP6AAQZYSPEG6RMQ"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2227-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FVRBFRTO6NBDCEJSJP6AAQZYSPEG6RMQ/#FVRBFRTO6NBDCEJSJP6AAQZYSPEG6RMQ"
},
{
"category": "self",
"summary": "SUSE Bug 1149203",
"url": "https://bugzilla.suse.com/1149203"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6446 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6446/"
}
],
"title": "Security update for python-numpy",
"tracking": {
"current_release_date": "2019-09-30T18:21:50Z",
"generator": {
"date": "2019-09-30T18:21:50Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2227-1",
"initial_release_date": "2019-09-30T18:21:50Z",
"revision_history": [
{
"date": "2019-09-30T18:21:50Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python2-numpy-1.16.1-lp151.5.3.1.x86_64",
"product": {
"name": "python2-numpy-1.16.1-lp151.5.3.1.x86_64",
"product_id": "python2-numpy-1.16.1-lp151.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python2-numpy-devel-1.16.1-lp151.5.3.1.x86_64",
"product": {
"name": "python2-numpy-devel-1.16.1-lp151.5.3.1.x86_64",
"product_id": "python2-numpy-devel-1.16.1-lp151.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python2-numpy-gnu-hpc-1.16.1-lp151.5.3.1.x86_64",
"product": {
"name": "python2-numpy-gnu-hpc-1.16.1-lp151.5.3.1.x86_64",
"product_id": "python2-numpy-gnu-hpc-1.16.1-lp151.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python2-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64",
"product": {
"name": "python2-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64",
"product_id": "python2-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python2-numpy_1_16_1-gnu-hpc-1.16.1-lp151.5.3.1.x86_64",
"product": {
"name": "python2-numpy_1_16_1-gnu-hpc-1.16.1-lp151.5.3.1.x86_64",
"product_id": "python2-numpy_1_16_1-gnu-hpc-1.16.1-lp151.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64",
"product": {
"name": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64",
"product_id": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-numpy-1.16.1-lp151.5.3.1.x86_64",
"product": {
"name": "python3-numpy-1.16.1-lp151.5.3.1.x86_64",
"product_id": "python3-numpy-1.16.1-lp151.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-numpy-devel-1.16.1-lp151.5.3.1.x86_64",
"product": {
"name": "python3-numpy-devel-1.16.1-lp151.5.3.1.x86_64",
"product_id": "python3-numpy-devel-1.16.1-lp151.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-numpy-gnu-hpc-1.16.1-lp151.5.3.1.x86_64",
"product": {
"name": "python3-numpy-gnu-hpc-1.16.1-lp151.5.3.1.x86_64",
"product_id": "python3-numpy-gnu-hpc-1.16.1-lp151.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64",
"product": {
"name": "python3-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64",
"product_id": "python3-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-numpy_1_16_1-gnu-hpc-1.16.1-lp151.5.3.1.x86_64",
"product": {
"name": "python3-numpy_1_16_1-gnu-hpc-1.16.1-lp151.5.3.1.x86_64",
"product_id": "python3-numpy_1_16_1-gnu-hpc-1.16.1-lp151.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64",
"product": {
"name": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64",
"product_id": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy-1.16.1-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python2-numpy-1.16.1-lp151.5.3.1.x86_64"
},
"product_reference": "python2-numpy-1.16.1-lp151.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy-devel-1.16.1-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python2-numpy-devel-1.16.1-lp151.5.3.1.x86_64"
},
"product_reference": "python2-numpy-devel-1.16.1-lp151.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy-gnu-hpc-1.16.1-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python2-numpy-gnu-hpc-1.16.1-lp151.5.3.1.x86_64"
},
"product_reference": "python2-numpy-gnu-hpc-1.16.1-lp151.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python2-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64"
},
"product_reference": "python2-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy_1_16_1-gnu-hpc-1.16.1-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python2-numpy_1_16_1-gnu-hpc-1.16.1-lp151.5.3.1.x86_64"
},
"product_reference": "python2-numpy_1_16_1-gnu-hpc-1.16.1-lp151.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64"
},
"product_reference": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy-1.16.1-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-numpy-1.16.1-lp151.5.3.1.x86_64"
},
"product_reference": "python3-numpy-1.16.1-lp151.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy-devel-1.16.1-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-numpy-devel-1.16.1-lp151.5.3.1.x86_64"
},
"product_reference": "python3-numpy-devel-1.16.1-lp151.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy-gnu-hpc-1.16.1-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-numpy-gnu-hpc-1.16.1-lp151.5.3.1.x86_64"
},
"product_reference": "python3-numpy-gnu-hpc-1.16.1-lp151.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64"
},
"product_reference": "python3-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy_1_16_1-gnu-hpc-1.16.1-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-numpy_1_16_1-gnu-hpc-1.16.1-lp151.5.3.1.x86_64"
},
"product_reference": "python3-numpy_1_16_1-gnu-hpc-1.16.1-lp151.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64"
},
"product_reference": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-6446",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6446"
}
],
"notes": [
{
"category": "general",
"text": "** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:python2-numpy-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python2-numpy-devel-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python2-numpy-gnu-hpc-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python2-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python2-numpy_1_16_1-gnu-hpc-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python3-numpy-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python3-numpy-devel-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python3-numpy-gnu-hpc-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python3-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python3-numpy_1_16_1-gnu-hpc-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6446",
"url": "https://www.suse.com/security/cve/CVE-2019-6446"
},
{
"category": "external",
"summary": "SUSE Bug 1122208 for CVE-2019-6446",
"url": "https://bugzilla.suse.com/1122208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:python2-numpy-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python2-numpy-devel-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python2-numpy-gnu-hpc-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python2-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python2-numpy_1_16_1-gnu-hpc-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python3-numpy-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python3-numpy-devel-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python3-numpy-gnu-hpc-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python3-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python3-numpy_1_16_1-gnu-hpc-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:python2-numpy-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python2-numpy-devel-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python2-numpy-gnu-hpc-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python2-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python2-numpy_1_16_1-gnu-hpc-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python3-numpy-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python3-numpy-devel-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python3-numpy-gnu-hpc-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python3-numpy-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python3-numpy_1_16_1-gnu-hpc-1.16.1-lp151.5.3.1.x86_64",
"openSUSE Leap 15.1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-lp151.5.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-30T18:21:50Z",
"details": "important"
}
],
"title": "CVE-2019-6446"
}
]
}
OPENSUSE-SU-2019:2259-1
Vulnerability from csaf_opensuse - Published: 2019-10-06 08:20 - Updated: 2019-10-06 08:20

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:python2-numpy-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:python2-numpy-gnu-hpc-1.16.1-bp151.2.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:python2-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:python2-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:python3-numpy-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:python3-numpy-gnu-hpc-1.16.1-bp151.2.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:python3-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:python3-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.x86_64 | — |
Vendor Fix
|
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/1149203 | self |
| https://www.suse.com/security/cve/CVE-2019-6446/ | self |
| https://www.suse.com/security/cve/CVE-2019-6446 | external |
| https://bugzilla.suse.com/1122208 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-numpy",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-numpy fixes the following issues:\n\nNon-security issues fixed:\n\n- Updated to upstream version 1.16.1. (bsc#1149203) (jsc#SLE-8532)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\nThis update was imported from the openSUSE:Leap:15.1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2259",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2259-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2259-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2OYZN2KXJT6YZ75UZQ32FP2DTHA7CNTW/#2OYZN2KXJT6YZ75UZQ32FP2DTHA7CNTW"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2259-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2OYZN2KXJT6YZ75UZQ32FP2DTHA7CNTW/#2OYZN2KXJT6YZ75UZQ32FP2DTHA7CNTW"
},
{
"category": "self",
"summary": "SUSE Bug 1149203",
"url": "https://bugzilla.suse.com/1149203"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6446 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6446/"
}
],
"title": "Security update for python-numpy",
"tracking": {
"current_release_date": "2019-10-06T08:20:28Z",
"generator": {
"date": "2019-10-06T08:20:28Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2259-1",
"initial_release_date": "2019-10-06T08:20:28Z",
"revision_history": [
{
"date": "2019-10-06T08:20:28Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.aarch64",
"product": {
"name": "python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.aarch64",
"product_id": "python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.aarch64",
"product": {
"name": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.aarch64",
"product_id": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.aarch64",
"product": {
"name": "python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.aarch64",
"product_id": "python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.aarch64",
"product": {
"name": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.aarch64",
"product_id": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-numpy-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le",
"product": {
"name": "python2-numpy-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le",
"product_id": "python2-numpy-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python2-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le",
"product": {
"name": "python2-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le",
"product_id": "python2-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le",
"product": {
"name": "python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le",
"product_id": "python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le",
"product": {
"name": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le",
"product_id": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-numpy-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le",
"product": {
"name": "python3-numpy-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le",
"product_id": "python3-numpy-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le",
"product": {
"name": "python3-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le",
"product_id": "python3-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le",
"product": {
"name": "python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le",
"product_id": "python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le",
"product": {
"name": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le",
"product_id": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-numpy-gnu-hpc-1.16.1-bp151.2.3.1.s390x",
"product": {
"name": "python2-numpy-gnu-hpc-1.16.1-bp151.2.3.1.s390x",
"product_id": "python2-numpy-gnu-hpc-1.16.1-bp151.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python2-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x",
"product": {
"name": "python2-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x",
"product_id": "python2-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.s390x",
"product": {
"name": "python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.s390x",
"product_id": "python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x",
"product": {
"name": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x",
"product_id": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-numpy-gnu-hpc-1.16.1-bp151.2.3.1.s390x",
"product": {
"name": "python3-numpy-gnu-hpc-1.16.1-bp151.2.3.1.s390x",
"product_id": "python3-numpy-gnu-hpc-1.16.1-bp151.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x",
"product": {
"name": "python3-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x",
"product_id": "python3-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.s390x",
"product": {
"name": "python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.s390x",
"product_id": "python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x",
"product": {
"name": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x",
"product_id": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.x86_64",
"product": {
"name": "python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.x86_64",
"product_id": "python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.x86_64",
"product": {
"name": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.x86_64",
"product_id": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.x86_64",
"product": {
"name": "python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.x86_64",
"product_id": "python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.x86_64",
"product": {
"name": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.x86_64",
"product_id": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP1",
"product": {
"name": "SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python2-numpy-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le"
},
"product_reference": "python2-numpy-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy-gnu-hpc-1.16.1-bp151.2.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python2-numpy-gnu-hpc-1.16.1-bp151.2.3.1.s390x"
},
"product_reference": "python2-numpy-gnu-hpc-1.16.1-bp151.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python2-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le"
},
"product_reference": "python2-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python2-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x"
},
"product_reference": "python2-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.aarch64"
},
"product_reference": "python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le"
},
"product_reference": "python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.s390x"
},
"product_reference": "python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.x86_64"
},
"product_reference": "python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.aarch64"
},
"product_reference": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le"
},
"product_reference": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x"
},
"product_reference": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.x86_64"
},
"product_reference": "python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python3-numpy-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le"
},
"product_reference": "python3-numpy-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy-gnu-hpc-1.16.1-bp151.2.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python3-numpy-gnu-hpc-1.16.1-bp151.2.3.1.s390x"
},
"product_reference": "python3-numpy-gnu-hpc-1.16.1-bp151.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python3-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le"
},
"product_reference": "python3-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python3-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x"
},
"product_reference": "python3-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.aarch64"
},
"product_reference": "python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le"
},
"product_reference": "python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.s390x"
},
"product_reference": "python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.x86_64"
},
"product_reference": "python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.aarch64"
},
"product_reference": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le"
},
"product_reference": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x"
},
"product_reference": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.x86_64"
},
"product_reference": "python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-6446",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6446"
}
],
"notes": [
{
"category": "general",
"text": "** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:python2-numpy-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:python2-numpy-gnu-hpc-1.16.1-bp151.2.3.1.s390x",
"SUSE Package Hub 15 SP1:python2-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:python2-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x",
"SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.aarch64",
"SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.s390x",
"SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.x86_64",
"SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.aarch64",
"SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x",
"SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.x86_64",
"SUSE Package Hub 15 SP1:python3-numpy-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:python3-numpy-gnu-hpc-1.16.1-bp151.2.3.1.s390x",
"SUSE Package Hub 15 SP1:python3-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:python3-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x",
"SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.aarch64",
"SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.s390x",
"SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.x86_64",
"SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.aarch64",
"SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x",
"SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6446",
"url": "https://www.suse.com/security/cve/CVE-2019-6446"
},
{
"category": "external",
"summary": "SUSE Bug 1122208 for CVE-2019-6446",
"url": "https://bugzilla.suse.com/1122208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:python2-numpy-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:python2-numpy-gnu-hpc-1.16.1-bp151.2.3.1.s390x",
"SUSE Package Hub 15 SP1:python2-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:python2-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x",
"SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.aarch64",
"SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.s390x",
"SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.x86_64",
"SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.aarch64",
"SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x",
"SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.x86_64",
"SUSE Package Hub 15 SP1:python3-numpy-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:python3-numpy-gnu-hpc-1.16.1-bp151.2.3.1.s390x",
"SUSE Package Hub 15 SP1:python3-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:python3-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x",
"SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.aarch64",
"SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.s390x",
"SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.x86_64",
"SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.aarch64",
"SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x",
"SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:python2-numpy-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:python2-numpy-gnu-hpc-1.16.1-bp151.2.3.1.s390x",
"SUSE Package Hub 15 SP1:python2-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:python2-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x",
"SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.aarch64",
"SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.s390x",
"SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.x86_64",
"SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.aarch64",
"SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x",
"SUSE Package Hub 15 SP1:python2-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.x86_64",
"SUSE Package Hub 15 SP1:python3-numpy-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:python3-numpy-gnu-hpc-1.16.1-bp151.2.3.1.s390x",
"SUSE Package Hub 15 SP1:python3-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:python3-numpy-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x",
"SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.aarch64",
"SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.s390x",
"SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-1.16.1-bp151.2.3.1.x86_64",
"SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.aarch64",
"SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.s390x",
"SUSE Package Hub 15 SP1:python3-numpy_1_16_1-gnu-hpc-devel-1.16.1-bp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-06T08:20:28Z",
"details": "important"
}
],
"title": "CVE-2019-6446"
}
]
}
OPENSUSE-SU-2024:11243-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.x86_64 | — |
Vendor Fix
|
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2017-12852/ | self |
| https://www.suse.com/security/cve/CVE-2019-6446/ | self |
| https://www.suse.com/security/cve/CVE-2017-12852 | external |
| https://bugzilla.suse.com/1053963 | external |
| https://www.suse.com/security/cve/CVE-2019-6446 | external |
| https://bugzilla.suse.com/1122208 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python38-numpy-1.21.2-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python38-numpy-1.21.2-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11243",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11243-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12852 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6446 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6446/"
}
],
"title": "python38-numpy-1.21.2-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11243-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python38-numpy-1.21.2-1.1.aarch64",
"product": {
"name": "python38-numpy-1.21.2-1.1.aarch64",
"product_id": "python38-numpy-1.21.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python38-numpy-devel-1.21.2-1.1.aarch64",
"product": {
"name": "python38-numpy-devel-1.21.2-1.1.aarch64",
"product_id": "python38-numpy-devel-1.21.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-numpy-1.21.2-1.1.aarch64",
"product": {
"name": "python39-numpy-1.21.2-1.1.aarch64",
"product_id": "python39-numpy-1.21.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-numpy-devel-1.21.2-1.1.aarch64",
"product": {
"name": "python39-numpy-devel-1.21.2-1.1.aarch64",
"product_id": "python39-numpy-devel-1.21.2-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python38-numpy-1.21.2-1.1.ppc64le",
"product": {
"name": "python38-numpy-1.21.2-1.1.ppc64le",
"product_id": "python38-numpy-1.21.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python38-numpy-devel-1.21.2-1.1.ppc64le",
"product": {
"name": "python38-numpy-devel-1.21.2-1.1.ppc64le",
"product_id": "python38-numpy-devel-1.21.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-numpy-1.21.2-1.1.ppc64le",
"product": {
"name": "python39-numpy-1.21.2-1.1.ppc64le",
"product_id": "python39-numpy-1.21.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-numpy-devel-1.21.2-1.1.ppc64le",
"product": {
"name": "python39-numpy-devel-1.21.2-1.1.ppc64le",
"product_id": "python39-numpy-devel-1.21.2-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python38-numpy-1.21.2-1.1.s390x",
"product": {
"name": "python38-numpy-1.21.2-1.1.s390x",
"product_id": "python38-numpy-1.21.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python38-numpy-devel-1.21.2-1.1.s390x",
"product": {
"name": "python38-numpy-devel-1.21.2-1.1.s390x",
"product_id": "python38-numpy-devel-1.21.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-numpy-1.21.2-1.1.s390x",
"product": {
"name": "python39-numpy-1.21.2-1.1.s390x",
"product_id": "python39-numpy-1.21.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-numpy-devel-1.21.2-1.1.s390x",
"product": {
"name": "python39-numpy-devel-1.21.2-1.1.s390x",
"product_id": "python39-numpy-devel-1.21.2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python38-numpy-1.21.2-1.1.x86_64",
"product": {
"name": "python38-numpy-1.21.2-1.1.x86_64",
"product_id": "python38-numpy-1.21.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python38-numpy-devel-1.21.2-1.1.x86_64",
"product": {
"name": "python38-numpy-devel-1.21.2-1.1.x86_64",
"product_id": "python38-numpy-devel-1.21.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-numpy-1.21.2-1.1.x86_64",
"product": {
"name": "python39-numpy-1.21.2-1.1.x86_64",
"product_id": "python39-numpy-1.21.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-numpy-devel-1.21.2-1.1.x86_64",
"product": {
"name": "python39-numpy-devel-1.21.2-1.1.x86_64",
"product_id": "python39-numpy-devel-1.21.2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-numpy-1.21.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.aarch64"
},
"product_reference": "python38-numpy-1.21.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-numpy-1.21.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.ppc64le"
},
"product_reference": "python38-numpy-1.21.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-numpy-1.21.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.s390x"
},
"product_reference": "python38-numpy-1.21.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-numpy-1.21.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.x86_64"
},
"product_reference": "python38-numpy-1.21.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-numpy-devel-1.21.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.aarch64"
},
"product_reference": "python38-numpy-devel-1.21.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-numpy-devel-1.21.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.ppc64le"
},
"product_reference": "python38-numpy-devel-1.21.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-numpy-devel-1.21.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.s390x"
},
"product_reference": "python38-numpy-devel-1.21.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-numpy-devel-1.21.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.x86_64"
},
"product_reference": "python38-numpy-devel-1.21.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-numpy-1.21.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.aarch64"
},
"product_reference": "python39-numpy-1.21.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-numpy-1.21.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.ppc64le"
},
"product_reference": "python39-numpy-1.21.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-numpy-1.21.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.s390x"
},
"product_reference": "python39-numpy-1.21.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-numpy-1.21.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.x86_64"
},
"product_reference": "python39-numpy-1.21.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-numpy-devel-1.21.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.aarch64"
},
"product_reference": "python39-numpy-devel-1.21.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-numpy-devel-1.21.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.ppc64le"
},
"product_reference": "python39-numpy-devel-1.21.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-numpy-devel-1.21.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.s390x"
},
"product_reference": "python39-numpy-devel-1.21.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-numpy-devel-1.21.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.x86_64"
},
"product_reference": "python39-numpy-devel-1.21.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-12852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12852"
}
],
"notes": [
{
"category": "general",
"text": "The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.aarch64",
"openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.ppc64le",
"openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.s390x",
"openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.x86_64",
"openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.aarch64",
"openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.ppc64le",
"openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.s390x",
"openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.x86_64",
"openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.aarch64",
"openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.ppc64le",
"openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.s390x",
"openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.x86_64",
"openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.aarch64",
"openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.ppc64le",
"openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.s390x",
"openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12852",
"url": "https://www.suse.com/security/cve/CVE-2017-12852"
},
{
"category": "external",
"summary": "SUSE Bug 1053963 for CVE-2017-12852",
"url": "https://bugzilla.suse.com/1053963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.aarch64",
"openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.ppc64le",
"openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.s390x",
"openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.x86_64",
"openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.aarch64",
"openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.ppc64le",
"openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.s390x",
"openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.x86_64",
"openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.aarch64",
"openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.ppc64le",
"openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.s390x",
"openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.x86_64",
"openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.aarch64",
"openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.ppc64le",
"openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.s390x",
"openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.aarch64",
"openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.ppc64le",
"openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.s390x",
"openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.x86_64",
"openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.aarch64",
"openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.ppc64le",
"openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.s390x",
"openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.x86_64",
"openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.aarch64",
"openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.ppc64le",
"openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.s390x",
"openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.x86_64",
"openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.aarch64",
"openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.ppc64le",
"openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.s390x",
"openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-12852"
},
{
"cve": "CVE-2019-6446",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6446"
}
],
"notes": [
{
"category": "general",
"text": "** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.aarch64",
"openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.ppc64le",
"openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.s390x",
"openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.x86_64",
"openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.aarch64",
"openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.ppc64le",
"openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.s390x",
"openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.x86_64",
"openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.aarch64",
"openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.ppc64le",
"openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.s390x",
"openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.x86_64",
"openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.aarch64",
"openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.ppc64le",
"openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.s390x",
"openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6446",
"url": "https://www.suse.com/security/cve/CVE-2019-6446"
},
{
"category": "external",
"summary": "SUSE Bug 1122208 for CVE-2019-6446",
"url": "https://bugzilla.suse.com/1122208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.aarch64",
"openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.ppc64le",
"openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.s390x",
"openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.x86_64",
"openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.aarch64",
"openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.ppc64le",
"openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.s390x",
"openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.x86_64",
"openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.aarch64",
"openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.ppc64le",
"openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.s390x",
"openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.x86_64",
"openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.aarch64",
"openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.ppc64le",
"openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.s390x",
"openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.aarch64",
"openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.ppc64le",
"openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.s390x",
"openSUSE Tumbleweed:python38-numpy-1.21.2-1.1.x86_64",
"openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.aarch64",
"openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.ppc64le",
"openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.s390x",
"openSUSE Tumbleweed:python38-numpy-devel-1.21.2-1.1.x86_64",
"openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.aarch64",
"openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.ppc64le",
"openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.s390x",
"openSUSE Tumbleweed:python39-numpy-1.21.2-1.1.x86_64",
"openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.aarch64",
"openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.ppc64le",
"openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.s390x",
"openSUSE Tumbleweed:python39-numpy-devel-1.21.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-6446"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.