Security update for python-numpy (important)

2019-02-26T00:09:39
ID OPENSUSE-SU-2019:0245-1
Type suse
Reporter Suse
Modified 2019-02-26T00:09:39

Description

This update for python-numpy fixes the following issue:

Security issue fixed:

  • CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208). With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load(). A warning during runtime will show-up when the allow_pickle is not explicitly set.

NOTE: By applying this update the behavior of python-numpy changes, which might break your application. In order to get the old behaviour back, you have to explicitly set allow_pickle to True. Be aware that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code execution.

This update was imported from the SUSE:SLE-15:Update update project.