File _patchinfo of Package patchinfo.10267

<patchinfo incident="10267">
  <issue tracker="bnc" id="1122208">VUL-0: CVE-2019-6446: python-numpy:  NumPy uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code</issue>
  <issue tracker="cve" id="2019-6446"/>
  <category>security</category>
  <rating>important</rating>
  <packager>mcepl</packager>
  <description>This update for python-numpy fixes the following issue:

Security issue fixed:

- CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208).
  This update reduces the possibility of remote attackers executing arbitrary code by
  misusing numpy.load(). A warning is shown at runtime when allow_pickle is not explicitly set.

NOTE: Applying this update changes the behavior of python-numpy, which might break your application.
To get the old behavior back, you have to explicitly set `allow_pickle` to True. Be aware
that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code
execution.
</description>
  <summary>Security update for python-numpy</summary>
</patchinfo>
