OPENSUSE-SU-2019:0245-1 (SUSE)

Security update for python-numpy (important)

Published: 2019-02-26
Source: lists.opensuse.org

CVSS3: 9.8 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
  • Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.066 Low (Percentile: 93.1%)

An update that fixes one vulnerability is now available.

Description:

This update for python-numpy fixes the following issue:

Security issue fixed:

  • CVE-2019-6446: Set allow_pickle to false by default to restrict loading
    untrusted content (bsc#1122208). With this update we decrease the
    possibility of allowing remote attackers to execute arbitrary code by
    misusing numpy.load(). A warning will show up at runtime when
    allow_pickle is not explicitly set.

NOTE: By applying this update the behavior of python-numpy changes, which
might break your application. In order to get the old behaviour back, you
have to explicitly set allow_pickle to True. Be aware that this should
only be done for trusted input, as loading untrusted input might lead to
arbitrary code execution.
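
To find the files that the changed default affects, the following added example (not part of the advisory or of numpy) reads only the header of a .npy file and reports whether it holds object-dtype data, which numpy.load() can read only with allow_pickle=True. The function names and the sample header builder are constructed for illustration; nothing is unpickled.

```python
import ast
import struct
import sys

MAGIC = b"\x93NUMPY"
# major version -> (struct format of the header-length field, offset where the header starts)
LAYOUT = {1: ("<H", 10), 2: ("<I", 12), 3: ("<I", 12)}

def npy_descr(data: bytes):
    """Return the dtype description from a .npy header without loading array data."""
    if len(data) < 10 or data[:6] != MAGIC:
        raise ValueError("not a .npy file")
    major = data[6]
    fmt, start = LAYOUT.get(major, (None, 0))
    if fmt is None or len(data) < start:
        raise ValueError("unsupported version or truncated header")
    (hlen,) = struct.unpack(fmt, data[8:start])
    header = data[start:start + hlen]
    if len(header) != hlen:
        raise ValueError("truncated header")
    try:
        # The header is a Python dict literal; literal_eval accepts literals only.
        meta = ast.literal_eval(header.decode("utf-8" if major == 3 else "latin-1"))
    except (SyntaxError, TypeError) as exc:
        raise ValueError("unparseable header") from exc
    if not isinstance(meta, dict) or "descr" not in meta:
        raise ValueError("header has no 'descr' key")
    return meta["descr"]

def needs_pickle(descr) -> bool:
    """True if the dtype contains an object ('O') field, which numpy stores as a pickle."""
    if isinstance(descr, str):
        return descr.lstrip("|<>=")[:1] == "O"
    if isinstance(descr, list):  # structured dtype: [(name, type[, shape]), ...]
        return any(needs_pickle(f[1]) for f in descr if isinstance(f, tuple) and len(f) > 1)
    return False

def sample_npy(descr_literal: str) -> bytes:
    """Constructed sample: a version 1.0 .npy header with the given descr and no data."""
    header = "{'descr': %s, 'fortran_order': False, 'shape': (2,), }" % descr_literal
    header = header.ljust(117) + "\n"
    return MAGIC + b"\x01\x00" + struct.pack("<H", len(header)) + header.encode("latin-1")

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            head = fh.read(65536)  # the header sits at the start of the file
        try:
            print(path, "NEEDS allow_pickle=True" if needs_pickle(npy_descr(head)) else "ok")
        except ValueError as err:
            print(path, "skipped:", err)
```

Files flagged by this check are the ones to review before setting allow_pickle to True: confirm where they come from, or re-save the data in a non-object dtype.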

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.0:

    zypper in -t patch openSUSE-2019-245=1

OS             Version  Architecture
openSUSE Leap  15.0     x86_64
