Fedora 30: FEDORA-2019-1dfe95a864 Critical: Numpy Code Execution Risk

NumPy is a general-purpose array-processing package designed to

efficiently manipulate large multi-dimensional arrays of arbitrary

records without sacrificing too much speed for small multi-dimensional

arrays. NumPy is built on the Numeric code base and adds features

introduced by numarray as well as an extended C-API and the ability to

create arrays of arbitrary type.

There are also basic facilities for discrete fourier transform,

basic linear algebra and random number generation. Also included in

this package is a version of f2py that works properly with NumPy.

1.16.3, fix for CVE-2019-6446

* Mon Apr 22 2019 Gwyn Ciesla - 1:1.16.3-1

- 1.16.3.

[ 1 ] Bug #1667955 - CVE-2019-6446 numpy: crafted serialized object passed in numpy.load() in pickle python module allows arbitrary code execution [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1667955

[ 2 ] Bug #1701803 - numpy-1.16.3 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1701803

su -c 'dnf upgrade --advisory FEDORA-2019-1dfe95a864' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/