Bugzilla – Bug 1186108
VUL-0: tensorflow2: update to 2.5.0, multiple CVEs
Last modified: 2024-03-28 13:50:06 UTC
excerpt from the changelog: Security Fixes a heap buffer overflow in RaggedBinCount (CVE-2021-29512) Fixes a heap out of bounds write in RaggedBinCount (CVE-2021-29514) Fixes a type confusion during tensor casts which leads to dereferencing null pointers (CVE-2021-29513) Fixes a reference binding to null pointer in MatrixDiag* ops (CVE-2021-29515) Fixes a null pointer dereference via invalid Ragged Tensors (CVE-2021-29516) Fixes a division by zero in Conv3D (CVE-2021-29517) Fixes vulnerabilities where session operations in eager mode lead to null pointer dereferences (CVE-2021-29518) Fixes a CHECK-fail in SparseCross caused by type confusion (CVE-2021-29519) Fixes a segfault in SparseCountSparseOutput (CVE-2021-29521) Fixes a heap buffer overflow in Conv3DBackprop* (CVE-2021-29520) Fixes a division by 0 in Conv3DBackprop* (CVE-2021-29522) Fixes a CHECK-fail in AddManySparseToTensorsMap (CVE-2021-29523) Fixes a division by 0 in Conv2DBackpropFilter (CVE-2021-29524) Fixes a division by 0 in Conv2DBackpropInput (CVE-2021-29525) Fixes a division by 0 in Conv2D (CVE-2021-29526) Fixes a division by 0 in QuantizedConv2D (CVE-2021-29527) Fixes a division by 0 in QuantizedMul (CVE-2021-29528) Fixes vulnerabilities caused by invalid validation in SparseMatrixSparseCholesky (CVE-2021-29530) Fixes a heap buffer overflow caused by rounding (CVE-2021-29529) Fixes a CHECK-fail in tf.raw_ops.EncodePng (CVE-2021-29531) Fixes a heap out of bounds read in RaggedCross (CVE-2021-29532) Fixes a CHECK-fail in DrawBoundingBoxes (CVE-2021-29533) Fixes a heap buffer overflow in QuantizedMul (CVE-2021-29535) Fixes a CHECK-fail in SparseConcat (CVE-2021-29534) Fixes a heap buffer overflow in QuantizedResizeBilinear (CVE-2021-29537) Fixes a heap buffer overflow in QuantizedReshape (CVE-2021-29536) Fixes a division by zero in Conv2DBackpropFilter (CVE-2021-29538) Fixes a heap buffer overflow in Conv2DBackpropFilter (CVE-2021-29540) Fixes a heap buffer overflow in StringNGrams (CVE-2021-29542) Fixes a null pointer dereference in StringNGrams (CVE-2021-29541) Fixes a CHECK-fail in QuantizeAndDequantizeV4Grad (CVE-2021-29544) Fixes a CHECK-fail in CTCGreedyDecoder (CVE-2021-29543) Fixes a heap buffer overflow in SparseTensorToCSRSparseMatrix (CVE-2021-29545) Fixes a division by 0 in QuantizedBiasAdd (CVE-2021-29546) Fixes a heap out of bounds in QuantizedBatchNormWithGlobalNormalization (CVE-2021-29547) Fixes a division by 0 in QuantizedBatchNormWithGlobalNormalization (CVE-2021-29548) Fixes a division by 0 in QuantizedAdd (CVE-2021-29549) Fixes a division by 0 in FractionalAvgPool (CVE-2021-29550) Fixes an OOB read in MatrixTriangularSolve (CVE-2021-29551) Fixes a heap OOB in QuantizeAndDequantizeV3 (CVE-2021-29553) Fixes a CHECK-failure in UnsortedSegmentJoin (CVE-2021-29552) Fixes a division by 0 in DenseCountSparseOutput (CVE-2021-29554) Fixes a division by 0 in FusedBatchNorm (CVE-2021-29555) Fixes a division by 0 in SparseMatMul (CVE-2021-29557) Fixes a division by 0 in Reverse (CVE-2021-29556) Fixes a heap buffer overflow in SparseSplit (CVE-2021-29558) Fixes a heap OOB access in unicode ops (CVE-2021-29559) Fixes a heap buffer overflow in RaggedTensorToTensor (CVE-2021-29560) Fixes a CHECK-fail in LoadAndRemapMatrix (CVE-2021-29561) Fixes a CHECK-fail in tf.raw_ops.IRFFT (CVE-2021-29562) Fixes a CHECK-fail in tf.raw_ops.RFFT (CVE-2021-29563) Fixes a null pointer dereference in EditDistance (CVE-2021-29564) Fixes a null pointer dereference in SparseFillEmptyRows (CVE-2021-29565) Fixes a heap OOB access in Dilation2DBackpropInput (CVE-2021-29566) Fixes a reference binding to null in ParameterizedTruncatedNormal (CVE-2021-29568) Fixes a set of vulnerabilities caused by lack of validation in SparseDenseCwiseMul (CVE-2021-29567) Fixes a heap out of bounds read in MaxPoolGradWithArgmax (CVE-2021-29570) Fixes a heap out of bounds read in RequantizationRange (CVE-2021-29569) Fixes a memory corruption in DrawBoundingBoxesV2 (CVE-2021-29571) Fixes a reference binding to nullptr in SdcaOptimizer (CVE-2021-29572) Fixes an overflow and a denial of service in tf.raw_ops.ReverseSequence (CVE-2021-29575) Fixes a division by 0 in MaxPoolGradWithArgmax (CVE-2021-29573) Fixes an undefined behavior in MaxPool3DGradGrad (CVE-2021-29574) Fixes a heap buffer overflow in MaxPool3DGradGrad (CVE-2021-29576) Fixes a heap buffer overflow in AvgPool3DGrad (CVE-2021-29577) Fixes an undefined behavior and a CHECK-fail in FractionalMaxPoolGrad (CVE-2021-29580) Fixes a heap buffer overflow in FractionalAvgPoolGrad (CVE-2021-29578) Fixes a heap buffer overflow in MaxPoolGrad (CVE-2021-29579) Fixes a segfault in CTCBeamSearchDecoder (CVE-2021-29581) Fixes a heap OOB read in tf.raw_ops.Dequantize (CVE-2021-29582) Fixes a CHECK-fail due to integer overflow (CVE-2021-29584) Fixes a heap buffer overflow and undefined behavior in FusedBatchNorm (CVE-2021-29583) Fixes a division by zero in padding computation in TFLite (CVE-2021-29585) Fixes a division by zero in optimized pooling implementations in TFLite (CVE-2021-29586) Fixes a division by zero in TFLite's implementation of SpaceToDepth (CVE-2021-29587) Fixes a division by zero in TFLite's implementation of GatherNd (CVE-2021-29589) Fixes a division by zero in TFLite's implementation of TransposeConv (CVE-2021-29588) Fixes a heap OOB read in TFLite's implementation of Minimum or Maximum (CVE-2021-29590) Fixes a null pointer dereference in TFLite's Reshape operator (CVE-2021-29592) Fixes a stack overflow due to looping TFLite subgraph (CVE-2021-29591) Fixes a division by zero in TFLite's implementation of DepthToSpace (CVE-2021-29595) Fixes a division by zero in TFLite's convolution code (CVE-2021-29594) Fixes a division by zero in TFLite's implementation of EmbeddingLookup (CVE-2021-29596) Fixes a division by zero in TFLite's implementation of BatchToSpaceNd (CVE-2021-29593) Fixes a division by zero in TFLite's implementation of SpaceToBatchNd (CVE-2021-29597) Fixes a division by zero in TFLite's implementation of SVDF (CVE-2021-29598) Fixes a division by zero in TFLite's implementation of Split (CVE-2021-29599) Fixes a division by zero in TFLite's implementation of OneHot (CVE-2021-29600) Fixes a division by zero in TFLite's implementation of DepthwiseConv (CVE-2021-29602) Fixes a division by zero in TFLite's implementation of hashtable lookup (CVE-2021-29604) Fixes a integer overflow in TFLite concatentation (CVE-2021-29601) Fixes a integer overflow in TFLite memory allocation (CVE-2021-29605) Fixes a heap OOB write in TFLite (CVE-2021-29603) Fixes a heap OOB read in TFLite (CVE-2021-29606) Fixes a heap OOB and null pointer dereference in RaggedTensorToTensor (CVE-2021-29608) Fixes vulnerabilities caused by incomplete validation in SparseAdd (CVE-2021-29609) Fixes vulnerabilities caused by incomplete validation in SparseSparseMinimum (CVE-2021-29607) Fixes vulnerabilities caused by incomplete validation in SparseReshape (CVE-2021-29611) Fixes vulnerabilities caused by invalid validation in QuantizeAndDequantizeV2 (CVE-2021-29610) Fixes a heap buffer overflow in BandedTriangularSolve (CVE-2021-29612) Fixes vulnerabilities caused by incomplete validation in tf.raw_ops.CTCLoss (CVE-2021-29613) Fixes an interpreter crash from vulnerabilities in tf.io.decode_raw (CVE-2021-29614) Fixes a stack overflow in ParseAttrValue with nested tensors (CVE-2021-29615) Fixes a null dereference in Grappler's TrySimplify (CVE-2021-29616) Fixes a crash in tf.transpose with complex inputs (CVE-2021-29618) Fixes a crash in tf.strings.substr due to CHECK-fail (CVE-2021-29617) Fixes a segfault in tf.raw_ops.SparseCountSparseOutput (CVE-2021-29619) Fixes a segfault in tf.raw_ops.ImmutableConst (CVE-2021-29539) Updates curl to 7.76.0 to handle CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285 and CVE-2020-8286. [0] https://github.com/tensorflow/tensorflow/releases/tag/v2.5.0
not sure who the maintainer is, assigning to Christian for now.
Tensorflow 2.7 is in factory (although doesn't build actually), so closing this one