SUSE-SU-2019:0419-1 -- SLES python-numpy | ID: oval:org.secpod.oval:def:89003038 | Date: (C)2021-02-27 (M)2024-04-17 |
Class: PATCH | Family: unix |
This update for python-numpy fixes the following issue:

Security issue fixed:

- CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content. With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load. A warning is shown at runtime when allow_pickle is not explicitly set.

NOTE: Applying this update changes the behaviour of python-numpy, which might break your application. To get the old behaviour back, you have to explicitly set `allow_pickle` to True. Be aware that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code execution.
Platform: |
SUSE Linux Enterprise Server 12 SP3 |
SUSE Linux Enterprise Server 12 SP4 |
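
An added example, not part of the SUSE advisory or of NumPy's own code: a loader that always passes `allow_pickle` explicitly, so it behaves the same before and after this update, and that rejects any input which could only be read by unpickling. The names `load_array`, `RejectedInput` and the sample data are hypothetical and constructed for illustration.

```python
import io
import pickle

import numpy as np


class RejectedInput(Exception):
    """The input could only be read by unpickling, and the caller did not trust it."""


def load_array(source, trusted=False):
    """Load an array from a path or file-like object.

    allow_pickle is always set explicitly. It is True only when the caller
    states that the input is trusted, as the advisory's NOTE requires.
    """
    try:
        return np.load(source, allow_pickle=trusted)
    except ValueError as exc:
        if trusted:
            raise
        # With allow_pickle=False numpy raises ValueError for object arrays
        # and for inputs that are not in .npy/.npz format (legacy raw pickles).
        raise RejectedInput(str(exc)) from exc


def _npy(arr):
    """Serialize arr to an in-memory .npy file (constructed sample input)."""
    buf = io.BytesIO()
    np.save(buf, arr)  # np.save pickles object arrays by default
    return io.BytesIO(buf.getvalue())


def demo():
    """Run the loader over three constructed samples and report the outcome."""
    samples = {
        "numeric": _npy(np.arange(6, dtype=np.int64).reshape(2, 3)),
        "objects": _npy(np.array([{"user": "alice"}], dtype=object)),
        "raw_pickle": io.BytesIO(pickle.dumps([1, 2, 3])),
    }
    results = {}
    for name, sample in samples.items():
        try:
            results[name] = load_array(sample).shape
        except RejectedInput:
            results[name] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

Applications that break after the update are the ones whose data falls into the rejected cases; re-saving that data as plain numeric arrays avoids the need for `allow_pickle=True`.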