
Test ID: 1.3.6.1.4.1.25623.1.1.18.1.2025.0052.1
Category: openSUSE Local Security Checks
Title: openSUSE Security Advisory (openSUSE-SU-2025:0052-1)
Summary: The remote host is missing an update for the 'python-asteval' package(s) announced via the openSUSE-SU-2025:0052-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'python-asteval' package(s) announced via the openSUSE-SU-2025:0052-1 advisory.

Vulnerability Insight:
This update for python-asteval fixes the following issues:

Update to 1.0.6:

* drop testing and support for Python 3.8, add Python 3.13,
change document to reflect this.
* implement safe_getattr and safe_format functions, fix bugs
in UNSAFE_ATTRS and UNSAFE_ATTRS_DTYPES usage (boo#1236405,
CVE-2025-24359)
* make all procedure attributes private to curb access to AST
nodes, which can be exploited
* improvements to error messages, including use ast functions
to construct better error messages
* remove import of numpy.linalg, as documented
* update doc description for security advisory

Update to 1.0.5:

* more work on handling errors, including fixing #133 and
adding more comprehensive tests for #129 and #132

Update to 1.0.4:

* fix error handling that might result in null exception

Update to 1.0.3:

* functions ('Procedures') defined within asteval have a
`_signature()` method, now use in repr
* add support for deleting subscript
* nested symbol tables now have a Group() function
* update coverage config
* cleanups of exception handling : errors must now have an
exception
* several related fixes to suppress repeated exceptions: see GH
#132 and #129
* make non-boolean return values from comparison operators
behave like Python - not immediately testing as bool

- update to 1.0.2:
* fix NameError handling in expression code
* make exception messages more Python-like
- update to 1.0.1:
* security fixes, based on audit by Andrew Effenhauser, Ayman
Hammad, and Daniel Crowley, IBM X-Force Security Research
division
* remove numpy modules polynomial, fft, linalg by default for
security concerns
* disallow string.format(), improve security of f-string
evaluation

- update to 1.0.0:
* fix (again) nested list comprehension (Issues #127 and #126).
* add more testing of multiple list comprehensions.
* more complete support for Numpy 2, and removal of many Numpy
symbols that have been long deprecated.
* remove AST nodes deprecated in Python 3.8.
* clean up build files and outdated tests.
* fixes to codecov configuration.
* update docs.

- update to 0.9.33:
* fixes for multiple list comprehensions (addressing #126)
* add testing with optionally installed numpy_financial to CI
* test existence of all numpy imports to better safeguard
against missing functions (for safer numpy 2 transition)
* update rendered doc to include PDF and zipped HTML

- update to 0.9.32:
* add deprecations message for numpy functions to be removed in
numpy 2.0
* comparison operations use try/except for short-circuiting
instead of checking for numpy arrays (addressing #123)
* add Python 3.12 to testing
* move repository from 'newville' to 'lmfit' organization
* update doc theme, GitHub locations pointed to by docs, other
doc tweaks.

- Update to 0.9.31:
* cleanup numpy imports to avoid deprecated functions, add financial
functions from numpy_financial ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'python-asteval' package(s) on openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2025-24359
Copyright: Copyright (C) 2025 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.