ALAS-2014-302


Amazon Linux AMI Security Advisory: ALAS-2014-302
Advisory Release Date: 2014-09-17 22:50 Pacific
Severity: Low

Issue Overview:

f2py insecurely uses a temporary file. A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running f2py.


Affected Packages:

numpy


Issue Correction:
Run yum update numpy to update your system.

New Packages:
i686:
    numpy-f2py-1.7.2-8.10.amzn1.i686
    numpy-debuginfo-1.7.2-8.10.amzn1.i686
    numpy-1.7.2-8.10.amzn1.i686

noarch:
    numpy-doc-1.7.2-8.10.amzn1.noarch

src:
    numpy-1.7.2-8.10.amzn1.src

x86_64:
    numpy-1.7.2-8.10.amzn1.x86_64
    numpy-f2py-1.7.2-8.10.amzn1.x86_64
    numpy-debuginfo-1.7.2-8.10.amzn1.x86_64