Alerts This Week
Warning Icon 1 770
Alerts This Week
Warning Icon 1 770

SUSE: 2022:2441-1 Important: python2-numpy DoS and Security Issues

suse
Calendar Grey July 19, 2022
Dist Suse Esm H88
The recent update for python2-numpy addresses several concerns, including vulnerabilities related to Denial of Service (DoS) and Null Pointer Dereference issues.
An update that fixes three vulnerabilities is now available

Summary

This update for python2-numpy fixes the following issues: - CVE-2021-33430: Fixed buffer overflow that could lead to DoS in PyArray_NewFromDescr_int function of ctors.c (bsc#1193913). - CVE-2021-41496: Fixed buffer overflow that could lead to DoS in array_from_pyobj function of fortranobject.c (bsc#1193907). - CVE-2021-41495: Fixed Null Pointer Dereference in numpy.sort (bsc#1193911). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2441=1 - SUSE Linux Enterprise Server for SAP 15:

Topics%20covered

Topics Covered

security advisory buffer overflow software update DoS SUSE python2-numpy Null Pointer Dereference

References

#1193907 #1193911 #1193913

Cross- CVE-2021-33430 CVE-2021-41495 CVE-2021-41496

CVSS scores:

CVE-2021-33430 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-33430 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-41495 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-41495 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2021-41496 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-41496 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

SUSE CaaS Platform 4.0

SUSE Enterprise Storage 6

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:2441-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow software update DoS SUSE python2-numpy Null Pointer Dereference

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here