Ubuntu Security Notice 5763-1 - It was discovered that NumPy did not properly manage memory when specifying arrays of large dimensions. If a user were tricked into running malicious Python file, an attacker could cause a denial of service. This issue only affected Ubuntu 20.04 LTS. It was discovered that NumPy did not properly perform string comparison operations under certain circumstances. An attacker could possibly use this issue to cause NumPy to crash, resulting in a denial of service.
40ada0f71cfe2246d74c5f52c1ed606d4312af2338630c27267a73a8c26a3306
=========================================================================
Ubuntu Security Notice USN-5763-1
December 07, 2022
numpy vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in NumPy.
Software Description:
- numpy: scientific computing package with Python
Details:
It was discovered that NumPy did not properly manage memory when specifying
arrays of large dimensions. If a user were tricked into running malicious
Python file, an attacker could cause a denial of service. This issue only
affected Ubuntu 20.04 LTS. (CVE-2021-33430)
It was discovered that NumPy did not properly perform string comparison
operations under certain circumstances. An attacker could possibly use
this issue to cause NumPy to crash, resulting in a denial of service.
(CVE-2021-34141)
It was discovered that NumPy did not properly manage memory under certain
circumstances. An attacker could possibly use this issue to cause NumPy to
crash, resulting in a denial of service. (CVE-2021-41495, CVE-2021-41496)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
python3-numpy 1:1.21.5-1ubuntu22.10.1
Ubuntu 22.04 LTS:
python3-numpy 1:1.21.5-1ubuntu22.04.1
Ubuntu 20.04 LTS:
python3-numpy 1:1.17.4-5ubuntu3.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5763-1
CVE-2021-33430, CVE-2021-34141, CVE-2021-41495, CVE-2021-41496
Package Information:
https://launchpad.net/ubuntu/+source/numpy/1:1.21.5-1ubuntu22.10.1
https://launchpad.net/ubuntu/+source/numpy/1:1.21.5-1ubuntu22.04.1
https://launchpad.net/ubuntu/+source/numpy/1:1.17.4-5ubuntu3.1