SUSE-SU-2019:0418-1 -- SLES python-numpy, python2-numpy, python3-numpy
ID: oval:org.secpod.oval:def:89050671 | Date: (C)2024-03-22 (M)2024-05-22 |
Class: PATCH | Family: unix |
This update for python-numpy fixes the following issue:

Security issue fixed:

- CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content. With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load. A warning will be shown at runtime when allow_pickle is not explicitly set.

NOTE: Applying this update changes the behavior of python-numpy, which might break your application. To get the old behavior back, you have to explicitly set `allow_pickle` to True. Be aware that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code execution.
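An added example, not part of the SUSE advisory or of numpy: a standard-library pre-flight check that reads a .npy header and reports whether numpy.load would need allow_pickle=True, which helps find the files in an application that the new default affects. The function names and sample payloads are constructed for illustration; .npz archives are zip files, so their members have to be extracted and checked one by one.

```python
import ast
import struct

MAGIC = b"\x93NUMPY"  # first six bytes of every .npy file

def descr_has_object(descr):
    """True if a dtype description (string or structured list) has an object field."""
    if isinstance(descr, str):
        # Object dtype is written '|O'; drop the byte-order character first.
        return descr.lstrip("|<>=").startswith("O")
    if isinstance(descr, list):
        # Structured dtype: (name, descr[, shape]) tuples, possibly nested.
        return any(descr_has_object(field[1]) for field in descr)
    return False

def needs_pickle(data):
    """True if numpy.load would refuse this single-file payload without allow_pickle=True."""
    if not data.startswith(MAGIC):
        # No .npy magic: such a file can only be read as a raw pickle.
        return True
    if len(data) < 12:
        raise ValueError("truncated .npy header")
    major = data[6]
    # Header length is 2 bytes in format v1.0 and 4 bytes in v2.0/v3.0 (little-endian).
    fmt, start = ("<H", 10) if major == 1 else ("<I", 12)
    (hlen,) = struct.unpack_from(fmt, data, 8)
    text = data[start:start + hlen].decode("utf-8" if major >= 3 else "latin-1")
    meta = ast.literal_eval(text)  # evaluates literals only, never runs code
    return descr_has_object(meta["descr"])

def make_npy_header(descr, shape=(2,)):
    """Constructed sample input: a v1.0 .npy header with no array data after it."""
    text = repr({"descr": descr, "fortran_order": False, "shape": shape})
    text += " " * (-(10 + len(text) + 1) % 64) + "\n"  # pad to a 64-byte boundary
    return MAGIC + b"\x01\x00" + struct.pack("<H", len(text)) + text.encode("latin-1")

if __name__ == "__main__":
    samples = {
        "float64 array": make_npy_header("<f8"),
        "object array": make_npy_header("|O"),
        "struct with object field": make_npy_header([("id", "<i4"), ("blob", "|O")]),
        "raw pickle (of None)": b"\x80\x04N.",
    }
    for name, payload in samples.items():
        print(f"{name}: needs allow_pickle=True -> {needs_pickle(payload)}")
```

Files reported as needing pickle are the ones to regenerate in a plain numeric dtype, or to load with allow_pickle=True only when their origin is trusted.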
Platform: |
SUSE Linux Enterprise Server 15 |
SUSE Linux Enterprise Desktop 15 |
Product: |
python-numpy |
python2-numpy |
python3-numpy |