Amazon Linux 1 Security Advisory: ALAS-2014-302
Advisory Release Date: 2014-03-10 09:40 Pacific
Advisory Updated Date: 2014-09-17 22:50 Pacific
f2py insecurely uses a temporary file. A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running f2py.
Affected Packages:
numpy
Issue Correction:
Run yum update numpy to update your system.
i686:
numpy-f2py-1.7.2-8.10.amzn1.i686
numpy-debuginfo-1.7.2-8.10.amzn1.i686
numpy-1.7.2-8.10.amzn1.i686
noarch:
numpy-doc-1.7.2-8.10.amzn1.noarch
src:
numpy-1.7.2-8.10.amzn1.src
x86_64:
numpy-1.7.2-8.10.amzn1.x86_64
numpy-f2py-1.7.2-8.10.amzn1.x86_64
numpy-debuginfo-1.7.2-8.10.amzn1.x86_64