Low: numpy

2014-09-17T22:50:00
ID ALAS-2014-302
Type amazon
Reporter Amazon
Modified 2014-09-17T22:50:00

Description

Issue Overview:

f2py insecurely uses a temporary file. A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running f2py.

Affected Packages:

numpy

Issue Correction:
Run yum update numpy to update your system.

New Packages:

i686:  
    numpy-f2py-1.7.2-8.10.amzn1.i686  
    numpy-debuginfo-1.7.2-8.10.amzn1.i686  
    numpy-1.7.2-8.10.amzn1.i686

noarch:  
    numpy-doc-1.7.2-8.10.amzn1.noarch

src:  
    numpy-1.7.2-8.10.amzn1.src

x86_64:  
    numpy-1.7.2-8.10.amzn1.x86_64  
    numpy-f2py-1.7.2-8.10.amzn1.x86_64  
    numpy-debuginfo-1.7.2-8.10.amzn1.x86_64