python-numpy: insecure use of /tmp (CVE-2014-1858 CVE-2014-1859)


Debian Bug report logs - #737778
python-numpy: insecure use of /tmp (CVE-2014-1858 CVE-2014-1859)


Reported by: Jakub Wilk <jwilk@debian.org>

Date: Wed, 5 Feb 2014 21:18:02 UTC

Severity: important

Tags: patch, security

Found in version python-numpy/1:1.7.1-3

Fixed in version python-numpy/1:1.8.1~rc1-1

Done: Julian Taylor <jtaylor.debian@googlemail.com>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/numpy/numpy/pull/4262




Report forwarded to debian-bugs-dist@lists.debian.org, jwilk@debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>:
Bug#737778; Package python-numpy. (Wed, 05 Feb 2014 21:18:06 GMT)


Message #3 received at submit@bugs.debian.org:

From: Jakub Wilk <jwilk@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: python-numpy: insecure use of /tmp
Date: Wed, 5 Feb 2014 22:16:42 +0100
Package: python-numpy
Version: 1:1.7.1-3
Severity: important
Tags: security

numpy/f2py/__init__.py contains this code:

     from numpy.distutils.exec_command import exec_command
     import tempfile
     if source_fn is None:
         fname = os.path.join(tempfile.mktemp()+'.f')
     else:
         fname = source_fn

     f = open(fname,'w')

From the tempfile.mktemp() docstring: “This function is unsafe and 
should not be used. The file name refers to a file that did not exist at 
some point, but by the time you get around to creating it, someone else 
may have beaten you to the punch.”

(There are other calls to tempfile.mktemp() in the numpy codebase, but I 
haven't checked them.)

-- 
Jakub Wilk
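The race the report describes, as an added example (not numpy's code and not part of the bug report): the open()-after-mktemp() pattern from the quoted snippet beside a hardened form. The opener functions take the path as a parameter so the race can be reproduced deterministically; the scenario in which the attacker has already won the race (a planted symlink at the predicted name) is constructed, and the fix shown is the shape a mkstemp()-based fix takes, not the upstream diff, which is not on this page.

```python
import os
import tempfile

# Added example, not numpy's code: the open()-after-mktemp() pattern from the
# report beside a hardened form. The two opener functions take the path as a
# parameter so the race can be reproduced deterministically below; f2py itself
# derives the path from tempfile.mktemp() + '.f'.


def open_unsafe(path):
    """How the reported code creates its temp file once mktemp() has picked a name.
    open(path, 'w') follows a symlink already sitting at `path`, so a link the
    attacker plants in the window between mktemp() and open() redirects the write
    (and the truncation) to whatever the link points at."""
    return open(path, 'w')


def open_safe(path):
    """Hardened creation: O_CREAT|O_EXCL makes the kernel refuse if anything,
    symlink included, already exists at `path`, instead of following it, and
    mode 0600 keeps the content private. tempfile.mkstemp() opens with these
    same flags and simply retries with a fresh random name on FileExistsError."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, 'O_NOFOLLOW', 0)
    fd = os.open(path, flags, 0o600)
    return os.fdopen(fd, 'w')


def race_outcome(opener, tmpdir):
    """Constructed scenario in which the attacker has already won the race:
    a symlink sits at the path the victim is about to create, pointing at a
    file the attacker could not otherwise write. Returns (victim_content, error):
    what the target file holds afterwards and the exception class name the
    opener raised, or None if the write went through."""
    victim = os.path.join(tmpdir, 'victim.txt')
    with open(victim, 'w') as f:
        f.write('original')
    predicted = os.path.join(tmpdir, 'predicted.f')   # the name the attacker guessed
    os.symlink(victim, predicted)
    error = None
    try:
        with opener(predicted) as f:
            f.write('attacker-chosen content')
    except OSError as e:
        error = type(e).__name__
    with open(victim) as f:
        return f.read(), error


def write_source_safely(source):
    """The shape of a fix for the f2py branch shown in the report (the actual
    upstream diff is not on this page): let mkstemp() pick the name and create
    the file atomically, then write through the fd it returns. The caller is
    responsible for removing the file."""
    fd, fname = tempfile.mkstemp(suffix='.f')
    with os.fdopen(fd, 'w') as f:
        f.write(source)
    return fname


if __name__ == '__main__':
    with tempfile.TemporaryDirectory() as d:
        print('open(path, "w") after mktemp():', race_outcome(open_unsafe, d))
    with tempfile.TemporaryDirectory() as d:
        print('O_CREAT|O_EXCL:                 ', race_outcome(open_safe, d))
```

Run it on a Unix host: the unsafe opener reports the victim file overwritten with the attacker's content, the O_EXCL opener reports FileExistsError and the victim untouched. The point is that random names alone do not close the hole; the file has to be created atomically with O_EXCL so that an existing path, symlink or not, is an error rather than a target.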



Set Bug forwarded-to-address to 'https://github.com/numpy/numpy/pull/4262'. Request was from Julian Taylor <jtaylor.debian@googlemail.com> to control@bugs.debian.org. (Wed, 05 Feb 2014 22:21:10 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>:
Bug#737778; Package python-numpy. (Thu, 06 Feb 2014 04:03:08 GMT)


Acknowledgement sent to mmcallis@redhat.com:
Extra info received and forwarded to list. Copy sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. (Thu, 06 Feb 2014 04:03:08 GMT)


Message #10 received at 737778@bugs.debian.org:

From: Murray McAllister <mmcallis@redhat.com>
To: oss-security@lists.openwall.com
Cc: 737778@bugs.debian.org
Subject: CVE request: f2py insecure temporary file use
Date: Thu, 06 Feb 2014 14:59:32 +1100
Hello,

Jakub Wilk reported insecure temporary file use in f2py. From 
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778>:

""
numpy/f2py/__init__.py contains this code:

     from numpy.distutils.exec_command import exec_command
     import tempfile
     if source_fn is None:
         fname = os.path.join(tempfile.mktemp()+'.f')
     else:
         fname = source_fn

     f = open(fname,'w')
""

Can a CVE please be assigned if one hasn't been already?

References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778
https://bugzilla.redhat.com/show_bug.cgi?id=1062009

Thanks,

--
Murray McAllister / Red Hat Security Response Team



Added tag(s) patch. Request was from Julian Taylor <jtaylor.debian@googlemail.com> to control@bugs.debian.org. (Thu, 06 Feb 2014 08:24:04 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>:
Bug#737778; Package python-numpy. (Thu, 06 Feb 2014 22:51:11 GMT)


Acknowledgement sent to mmcallis@redhat.com:
Extra info received and forwarded to list. Copy sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. (Thu, 06 Feb 2014 22:51:11 GMT)


Message #17 received at 737778@bugs.debian.org:

From: Murray McAllister <mmcallis@redhat.com>
To: oss-security@lists.openwall.com
Cc: 737778@bugs.debian.org
Subject: Re: [oss-security] CVE request: f2py insecure temporary file use
Date: Fri, 07 Feb 2014 09:47:05 +1100
On 02/06/2014 02:59 PM, Murray McAllister wrote:
> Hello,
>
> Jakub Wilk reported insecure temporary file use in f2py. From
> <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778>:
>
> ""
> numpy/f2py/__init__.py contains this code:
>
>       from numpy.distutils.exec_command import exec_command
>       import tempfile
>       if source_fn is None:
>           fname = os.path.join(tempfile.mktemp()+'.f')
>       else:
>           fname = source_fn
>
>       f = open(fname,'w')
> ""
>
> Can a CVE please be assigned if one hasn't been already?
>
> References:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778
> https://bugzilla.redhat.com/show_bug.cgi?id=1062009
>
> Thanks,

Thomas Spura noted in the Red Hat Bugzilla that a patch has been merged 
upstream:

https://github.com/numpy/numpy/pull/4262



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>:
Bug#737778; Package python-numpy. (Sat, 08 Feb 2014 02:15:05 GMT)


Acknowledgement sent to cve-assign@mitre.org:
Extra info received and forwarded to list. Copy sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. (Sat, 08 Feb 2014 02:15:05 GMT)


Message #22 received at 737778@bugs.debian.org:

From: cve-assign@mitre.org
To: mmcallis@redhat.com
Cc: cve-assign@mitre.org, oss-security@lists.openwall.com, 737778@bugs.debian.org
Subject: Re: CVE request: f2py insecure temporary file use
Date: Fri, 7 Feb 2014 21:06:00 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Jakub Wilk reported insecure temporary file use in f2py.
> 
> numpy/f2py/__init__.py contains this code:
> 
>           fname = os.path.join(tempfile.mktemp()+'.f')
> 
>       f = open(fname,'w')
> 
> Can a CVE please be assigned if one hasn't been already?
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778
> https://bugzilla.redhat.com/show_bug.cgi?id=1062009

Use CVE-2014-1858 only for the issue in the __init__.py file.

Use CVE-2014-1859 for the other temporary-file issues fixed by the
vendor in the
https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15
commit.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJS9Y9iAAoJEKllVAevmvmsmUgH/jW37Wa7Wp52niRfZ+5B3IR+
emZwCRGRhJKZVZKB3yWDPOLv7WPGsXMQUgRzNLI81U2ukGX5+ZDQCAvm2o5fed25
z90k82ER5lwmbosp87p/kKNtCTuLegijDczduBIV73fO3PwC1d+/JM5I4/DnTSM6
OWLRquY7giwDPiF5NvBrmDR6JocWOPVlbAHoIvLuxRFcYdFbqDaJe8Bt8hf2saQB
Phw/nIaladkNJOKR5sZM9+E3tVdP1MPCjmiMdASWktTP0fNrGMoBS24zTAQY5hgT
ApAW+6Y88igBbZ/aci5kvIo7ocdmw+ld7YNK46PMX8Cr4MsTJZX0X6V85HCzAJM=
=XwId
-----END PGP SIGNATURE-----
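The reporter notes that other tempfile.mktemp() calls in the numpy codebase were left unchecked, and MITRE assigns a second CVE to the remaining temporary-file issues fixed in the same upstream commit. An added example for that triage step (not the report's, MITRE's or numpy's code): a small ast-based scanner that lists every call resolving to tempfile.mktemp() in a source tree, handling `import tempfile as t` and `from tempfile import mktemp as mk` as well as the plain forms. SAMPLE is a constructed input modelled on the snippet in the report, not numpy's file, and the scanner does not know which issues the upstream commit actually covered.

```python
import ast
import os
import sys

# Added example, not part of the bug report or of numpy: an AST scanner that
# lists every call resolving to tempfile.mktemp() in a source tree. SAMPLE is a
# constructed input modelled on the snippet in the report, not numpy's file.


def find_mktemp_calls(source, filename='<string>'):
    """Return [(lineno, call_text), ...] for each call to tempfile.mktemp in `source`."""
    tree = ast.parse(source, filename)
    module_names = {'tempfile'}   # names bound to the tempfile module (seeded for bare snippets)
    func_names = set()            # names bound directly to tempfile.mktemp
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name == 'tempfile':
                    module_names.add(alias.asname or 'tempfile')
        elif isinstance(node, ast.ImportFrom) and node.module == 'tempfile':
            for alias in node.names:
                if alias.name == 'mktemp':
                    func_names.add(alias.asname or 'mktemp')
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        attr_form = (isinstance(func, ast.Attribute) and func.attr == 'mktemp'
                     and isinstance(func.value, ast.Name) and func.value.id in module_names)
        name_form = isinstance(func, ast.Name) and func.id in func_names
        if attr_form or name_form:
            hits.append((node.lineno, ast.get_source_segment(source, node)))
    return sorted(hits)   # ast.walk is breadth-first; report in line order


def scan_tree(root):
    """Yield (path, lineno, call_text) for every hit under `root`; files that do
    not parse (e.g. Python 2 syntax under a Python 3 parser) are skipped."""
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            if not name.endswith('.py'):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding='utf-8', errors='replace') as f:
                src = f.read()
            try:
                for lineno, text in find_mktemp_calls(src, path):
                    yield path, lineno, text
            except SyntaxError:
                continue


# Constructed sample modelled on the f2py snippet in the report, plus the alias
# forms the scanner resolves; mkstemp() on line 16 must not be flagged.
SAMPLE = '''\
import os
import tempfile as tf
from tempfile import mktemp, mkstemp

def compile_source(source_fn=None):
    import tempfile
    if source_fn is None:
        fname = os.path.join(tempfile.mktemp()+'.f')
    else:
        fname = source_fn
    return fname

def helpers():
    a = tf.mktemp(suffix='.txt')
    b = mktemp()
    fd, c = mkstemp()
    return a, b, c
'''


if __name__ == '__main__':
    if len(sys.argv) > 1:
        for path, lineno, text in scan_tree(sys.argv[1]):
            print(f'{path}:{lineno}: {text}')
    else:
        for lineno, text in find_mktemp_calls(SAMPLE, 'sample.py'):
            print(f'sample.py:{lineno}: {text}')
```

Pointed at a checkout (`python scan.py path/to/numpy`) it prints one `file:line: call` per hit; with no argument it scans SAMPLE and reports lines 8, 14 and 15. Every hit is a candidate, not a confirmed vulnerability: a mktemp() name that is only ever used as a directory created with mkdir(), or is passed to an external tool that itself creates with O_EXCL, still needs a human look, which is why the tool prints the call text rather than a verdict.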



Changed Bug title to 'python-numpy: insecure use of /tmp (CVE-2014-1858 CVE-2014-1859)' from 'python-numpy: insecure use of /tmp'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 08 Feb 2014 07:36:18 GMT)


Added tag(s) pending. Request was from jtaylor-guest@users.alioth.debian.org to control@bugs.debian.org. (Sun, 02 Mar 2014 15:54:08 GMT)


Reply sent to Julian Taylor <jtaylor.debian@googlemail.com>:
You have taken responsibility. (Wed, 12 Mar 2014 21:24:17 GMT)


Notification sent to Jakub Wilk <jwilk@debian.org>:
Bug acknowledged by developer. (Wed, 12 Mar 2014 21:24:17 GMT)


Message #31 received at 737778-close@bugs.debian.org:

From: Julian Taylor <jtaylor.debian@googlemail.com>
To: 737778-close@bugs.debian.org
Subject: Bug#737778: fixed in python-numpy 1:1.8.1~rc1-1
Date: Wed, 12 Mar 2014 21:21:38 +0000
Source: python-numpy
Source-Version: 1:1.8.1~rc1-1

We believe that the bug you reported is fixed in the latest version of
python-numpy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 737778@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julian Taylor <jtaylor.debian@googlemail.com> (supplier of updated python-numpy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 02 Mar 2014 15:33:25 +0100
Source: python-numpy
Binary: python-numpy python-numpy-dbg python3-numpy python3-numpy-dbg python-numpy-doc
Architecture: source amd64 all
Version: 1:1.8.1~rc1-1
Distribution: unstable
Urgency: low
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Julian Taylor <jtaylor.debian@googlemail.com>
Description: 
 python-numpy - Numerical Python adds a fast array facility to the Python languag
 python-numpy-dbg - Fast array facility to the Python language (debug extension)
 python-numpy-doc - NumPy documentation
 python3-numpy - Fast array facility to the Python 3 language
 python3-numpy-dbg - Fast array facility to the Python 3 language (debug extension)
Closes: 695881 710177 724611 737778 739019 740318
Changes: 
 python-numpy (1:1.8.1~rc1-1) unstable; urgency=low
 .
   * New upstream bugfix release candidate
     - removed python-numpydoc from b-d, upstream tarballs includes it again
     - fixes insecure mktemp usage of f2py (Closes: #737778)
   * add autopkgtests running testsuite with different BLAS and testing f2py
     and distutils (Closes: #695881)
   * use dh_python2 instead of deprecated pysupport
   * 50_search-multiarch-paths.patch: drop, applied upstream
   * build depend on cython and cythonize mtrand.pyx (Closes: #710177)
   * move documentation build depends to -indep (Closes: #739019)
   * run tests in verbose mode (Closes: #724611)
   * python3-soabi.patch: fix ctypeslib for python3 soabi in extension filenames
   * debian/python3-numpy-dbg.install:
     - fix duplicate files in dbg package of kfreebsd (Closes: #740318)
   * bump Standards-Version to 3.9.5 (no changes needed)
   * restore-3kcompat-api.patch:
     add upstream patch to restore private api used by matplotlib
Checksums-Sha1: 
 5eb1d7b49d487bf60ed77b59455c463cdf616426 1938 python-numpy_1.8.1~rc1-1.dsc
 873ab03d189e5a0687ba79d55033a7f30be20d9d 3790496 python-numpy_1.8.1~rc1.orig.tar.gz
 39fbc1b4f6b8908a57d7d4ec0a6408eb6ebe7cd7 140204 python-numpy_1.8.1~rc1-1.debian.tar.xz
 5e4311d7f0f797573ff7a55f7796a704fda73ac8 1600168 python-numpy_1.8.1~rc1-1_amd64.deb
 0c10f6d67ac3c32abbc23537b817f9f076e97ae8 2969766 python-numpy-dbg_1.8.1~rc1-1_amd64.deb
 6f7639cdb01af9e5306c4a67c201ecc777107ab5 1668996 python3-numpy_1.8.1~rc1-1_amd64.deb
 f40a022bf9f2d9fce96702c56f59740c30ab0bbe 5363806 python3-numpy-dbg_1.8.1~rc1-1_amd64.deb
 8e95298a11a7f89c22ff73dee6f2e5544491e371 3928026 python-numpy-doc_1.8.1~rc1-1_all.deb
Checksums-Sha256: 
 d43cffd1340570b757d355dceb0b730b4a13e7f78abd90083cb47a8a6fe3f4ec 1938 python-numpy_1.8.1~rc1-1.dsc
 78259bf9d770f79665a1622325094c356bff739cb4ce5236b49e707855404ba4 3790496 python-numpy_1.8.1~rc1.orig.tar.gz
 ca66f3875c592a2eb32a1fa8c3faed00b17005ae7f8c44d34ec6303d7bb4e517 140204 python-numpy_1.8.1~rc1-1.debian.tar.xz
 c2efd5bd0ef1dc9113ace09fee4a6433b6171ae070e3ad1f5d3da50c80b09a86 1600168 python-numpy_1.8.1~rc1-1_amd64.deb
 963b261964754bb82293dfb60f7d81c2e9ed03b37bb95fa96c85f742da19cb58 2969766 python-numpy-dbg_1.8.1~rc1-1_amd64.deb
 ad95e8f6fd3301b187c7084fcee88dfc614fff2142f364f5c6720145c6ccfba5 1668996 python3-numpy_1.8.1~rc1-1_amd64.deb
 0741fbb32ead688ab706ed396fcddefb18a33754acf231292178038fb7a25afa 5363806 python3-numpy-dbg_1.8.1~rc1-1_amd64.deb
 367c7b74cd50e87dc10916e7b40fa42382b5f5d914881da2844f7733fd354d62 3928026 python-numpy-doc_1.8.1~rc1-1_all.deb
Files: 
 288c0cd5f73f75d63e62fc59415103e9 1938 python optional python-numpy_1.8.1~rc1-1.dsc
 a9a48950271fc2eac56a5d2418783279 3790496 python optional python-numpy_1.8.1~rc1.orig.tar.gz
 d9040651b5bc477de29c5954d51a9b85 140204 python optional python-numpy_1.8.1~rc1-1.debian.tar.xz
 831d385e339e332a63422da64d9423fb 1600168 python optional python-numpy_1.8.1~rc1-1_amd64.deb
 bcc60a034b4be309e1cc0da6d8b388ee 2969766 debug extra python-numpy-dbg_1.8.1~rc1-1_amd64.deb
 3d8c5d7d7ce56b31b869cfdae483139f 1668996 python optional python3-numpy_1.8.1~rc1-1_amd64.deb
 66895eaa991544e6e0d577632845acae 5363806 debug extra python3-numpy-dbg_1.8.1~rc1-1_amd64.deb
 0274656a722e5526c8930f09d5a1bb28 3928026 doc optional python-numpy-doc_1.8.1~rc1-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iEYEARECAAYFAlMguXAACgkQAukwV0RN2VAH7ACfYdLLMpU6YnhcwE3MJLwMB08X
xBgAmwWSkbFxz5PMQGhOQLJrvZmwRojo
=+Xad
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 10 Apr 2014 07:30:38 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:07:47 2019; Machine Name: beach
