1. Ubuntu Security Notices
  2. USN-6226-1

USN-6226-1: SciPy vulnerabilities

Publication date

13 July 2023

Overview

Several security issues were fixed in SciPy.

Releases

Packages

  • scipy - scientific library for Python - documentation

Details

It was discovered that SciPy did not properly manage memory operations
during reference counting. An attacker could possibly use this issue to
cause a denial of service. (CVE-2023-25399)

A use-after-free was discovered in SciPy when handling reference counts. An
attacker could possibly use this to cause a denial of service. This issue
only affected Ubuntu 20.04 LTS. (CVE-2023-29824)

It was discovered that SciPy did not properly manage memory operations
during reference counting. An attacker could possibly use this issue to
cause a denial of service. (CVE-2023-25399)

A use-after-free was discovered in SciPy when handling reference counts. An
attacker could possibly use this to cause a denial of service. This issue
only affected Ubuntu 20.04 LTS. (CVE-2023-29824)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
22.10 kinetic python3-scipy –  1.8.1-10ubuntu0.22.10.1
22.04 jammy python3-scipy –  1.8.0-1exp2ubuntu1+esm1  
20.04 focal python3-scipy –  1.3.3-3ubuntu0.1~esm1  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›