Bug 1133195 (CVE-2018-8825)

Summary: VUL-1: CVE-2018-8825: tensorflow: Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code (local).
Product: [openSUSE] openSUSE Distribution Reporter: Marcus Meissner <meissner>
Component: OtherAssignee: Christian Goll <cgoll>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P5 - None    
Version: Leap 42.3   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/230150/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2019-04-24 05:53:04 UTC
CVE-2018-8825

Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is:
execute arbitrary code (local).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8825
https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-003.md
Comment 1 Christian Goll 2019-04-24 13:59:17 UTC
The vulnerable version are not part of the Factory, we have 1.10.1 and 1.13.1 which are not vulnerable.