SUSE has issued an advisory on February 12: http://lists.suse.com/pipermail/sle-security-updates/2019-February/005104.html The SUSE bug contains a link to a proposed fix: https://bugzilla.suse.com/show_bug.cgi?id=1122208 Mageia 6 is also affected.
See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=24028Whiteboard: (none) => MGA6TOO
openSUSE has issued an advisory for this on February 25: https://lists.opensuse.org/opensuse-updates/2019-02/msg00134.html
Status comment: (none) => Patch available from openSUSE
Whiteboard: MGA6TOO => MGA7TOO, MGA6TOO
RedHat has issued an advisory for this on November 5: https://access.redhat.com/errata/RHSA-2019:3704
This was fixed upstream in 1.16.3 release now in Core/Updates_testing repo!
CC: (none) => geiger.david68210
Advisory: ======================== Updated python-numpy packages fix security vulnerability: An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call (CVE-2019-6446). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6446 https://access.redhat.com/errata/RHSA-2019:3704 ======================== Updated packages in core/updates_testing: ======================== python2-numpy-1.16.3-1.mga7 python2-numpy-devel-1.16.3-1.mga7 python2-numpy-f2py-1.16.3-1.mga7 python3-numpy-1.16.3-1.mga7 python3-numpy-devel-1.16.3-1.mga7 python3-numpy-f2py-1.16.3-1.mga7 from python-numpy-1.16.3-1.mga7.src.rpm
Assignee: python => qa-bugsSeverity: normal => majorVersion: Cauldron => 7Whiteboard: MGA7TOO, MGA6TOO => (none)
Mageia7, x86_64 CVE-2019-6446 https://github.com/numpy/numpy/issues/12759 This supplies a python script to demonstrate the problem: import numpy from numpy import __version__ print( __version__ ) import os import pickle class Test(object): def __init__(self): self.a = 1 def __reduce__(self): return (os.system,('ls',)) tmpdaa = Test() with open("a-file.pickle",'wb') as f: pickle.dump(tmpdaa,f) numpy.load('a-file.pickle') Before updates: $ python test.py 1.16.2 a-file.pickle list '#report.24356#' report.24356 test.py tutorial.py Expected result. $ rm a-file.pickle $ python3 test.py 1.16.2 a-file.pickle list '#report.24356#' report.24356 test.py tutorial.py <Expected result> $ rm a-file.pickle $ urpmi.update -a Updated the six packages. $ python test.py 1.16.3 Traceback (most recent call last): File "test.py", line 15, in <module> numpy.load('a-file.pickle') File "/usr/lib64/python2.7/site-packages/numpy/lib/npyio.py", line 451, in load raise ValueError("Cannot load file containing pickled data " ValueError: Cannot load file containing pickled data when allow_pickle=False <Good result> $ rm a-file.pickle $ python3 test.py 1.16.3 Traceback (most recent call last): File "test.py", line 15, in <module> numpy.load('a-file.pickle') File "/usr/lib64/python3.7/site-packages/numpy/lib/npyio.py", line 451, in load raise ValueError("Cannot load file containing pickled data " ValueError: Cannot load file containing pickled data when allow_pickle=False These PoC tests show that the exploit has been trapped. The numpy package provides a multidimensional matrix object useful in science and engineering. See https://numpy.org/devdocs/user/quickstart.html The following is the output from a very basic set of commands obtained from the quickstart tutorial. Script attached. $ python tutorial.py [[ 0 1 2 3 4] [ 5 6 7 8 9] [10 11 12 13 14]] (3, 5) 2 int64 8 15 <type 'numpy.ndarray'> [6 7 8] <type 'numpy.ndarray'> [[1.5 2. 3. ] [4. 5. 6. ]] [[1.+0.j 2.+0.j] [3.+0.j 4.+0.j]] [0 1 2 3] [20 29 38 47] [0 1 4 9] [ 9.12945251 -9.88031624 7.4511316 -2.62374854] python3 produces exactly the same output. Giving this the OK for 64-bits.
Whiteboard: (none) => MGA7-64-OKCC: (none) => tarazed25
Created attachment 11347 [details] Introduction to matrix handling. Simply run against python(2) or python3.
Addendum to comment 5. A word of warning for those like me unfamiliar with python fundamentals; the search path for modules appears to begin at the current directory. The PoC script was originally named pickle.py, which led to a circular attempt to import itself as a module. !
Validating. Advisory in Comment 4.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
CC: (none) => tmbKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0322.html
Status: NEW => RESOLVEDResolution: (none) => FIXED