Bug 1186108 (CVE-2021-29512) - VUL-0: tensorflow2: update to 2.5.0, multiple CVEs
Summary: VUL-0: tensorflow2: update to 2.5.0, multiple CVEs
Status: RESOLVED FIXED
Alias: CVE-2021-29512
Product: openSUSE Distribution
Classification: openSUSE
Component: Security (show other bugs)
Version: Leap 15.2
Hardware: Other Other
: P3 - Medium : Normal (vote)
Target Milestone: ---
Assignee: Christian Goll
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/284451/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-05-17 06:51 UTC by Robert Frohl
Modified: 2024-03-28 13:50 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2021-05-17 06:51:24 UTC
excerpt from the changelog:

Security

    Fixes a heap buffer overflow in RaggedBinCount (CVE-2021-29512)
    Fixes a heap out of bounds write in RaggedBinCount (CVE-2021-29514)
    Fixes a type confusion during tensor casts which leads to dereferencing null pointers (CVE-2021-29513)
    Fixes a reference binding to null pointer in MatrixDiag* ops (CVE-2021-29515)
    Fixes a null pointer dereference via invalid Ragged Tensors (CVE-2021-29516)
    Fixes a division by zero in Conv3D (CVE-2021-29517)
    Fixes vulnerabilities where session operations in eager mode lead to null pointer dereferences (CVE-2021-29518)
    Fixes a CHECK-fail in SparseCross caused by type confusion (CVE-2021-29519)
    Fixes a segfault in SparseCountSparseOutput (CVE-2021-29521)
    Fixes a heap buffer overflow in Conv3DBackprop* (CVE-2021-29520)
    Fixes a division by 0 in Conv3DBackprop* (CVE-2021-29522)
    Fixes a CHECK-fail in AddManySparseToTensorsMap (CVE-2021-29523)
    Fixes a division by 0 in Conv2DBackpropFilter (CVE-2021-29524)
    Fixes a division by 0 in Conv2DBackpropInput (CVE-2021-29525)
    Fixes a division by 0 in Conv2D (CVE-2021-29526)
    Fixes a division by 0 in QuantizedConv2D (CVE-2021-29527)
    Fixes a division by 0 in QuantizedMul (CVE-2021-29528)
    Fixes vulnerabilities caused by invalid validation in SparseMatrixSparseCholesky (CVE-2021-29530)
    Fixes a heap buffer overflow caused by rounding (CVE-2021-29529)
    Fixes a CHECK-fail in tf.raw_ops.EncodePng (CVE-2021-29531)
    Fixes a heap out of bounds read in RaggedCross (CVE-2021-29532)
    Fixes a CHECK-fail in DrawBoundingBoxes (CVE-2021-29533)
    Fixes a heap buffer overflow in QuantizedMul (CVE-2021-29535)
    Fixes a CHECK-fail in SparseConcat (CVE-2021-29534)
    Fixes a heap buffer overflow in QuantizedResizeBilinear (CVE-2021-29537)
    Fixes a heap buffer overflow in QuantizedReshape (CVE-2021-29536)
    Fixes a division by zero in Conv2DBackpropFilter (CVE-2021-29538)
    Fixes a heap buffer overflow in Conv2DBackpropFilter (CVE-2021-29540)
    Fixes a heap buffer overflow in StringNGrams (CVE-2021-29542)
    Fixes a null pointer dereference in StringNGrams (CVE-2021-29541)
    Fixes a CHECK-fail in QuantizeAndDequantizeV4Grad (CVE-2021-29544)
    Fixes a CHECK-fail in CTCGreedyDecoder (CVE-2021-29543)
    Fixes a heap buffer overflow in SparseTensorToCSRSparseMatrix (CVE-2021-29545)
    Fixes a division by 0 in QuantizedBiasAdd (CVE-2021-29546)
    Fixes a heap out of bounds in QuantizedBatchNormWithGlobalNormalization (CVE-2021-29547)
    Fixes a division by 0 in QuantizedBatchNormWithGlobalNormalization (CVE-2021-29548)
    Fixes a division by 0 in QuantizedAdd (CVE-2021-29549)
    Fixes a division by 0 in FractionalAvgPool (CVE-2021-29550)
    Fixes an OOB read in MatrixTriangularSolve (CVE-2021-29551)
    Fixes a heap OOB in QuantizeAndDequantizeV3 (CVE-2021-29553)
    Fixes a CHECK-failure in UnsortedSegmentJoin (CVE-2021-29552)
    Fixes a division by 0 in DenseCountSparseOutput (CVE-2021-29554)
    Fixes a division by 0 in FusedBatchNorm (CVE-2021-29555)
    Fixes a division by 0 in SparseMatMul (CVE-2021-29557)
    Fixes a division by 0 in Reverse (CVE-2021-29556)
    Fixes a heap buffer overflow in SparseSplit (CVE-2021-29558)
    Fixes a heap OOB access in unicode ops (CVE-2021-29559)
    Fixes a heap buffer overflow in RaggedTensorToTensor (CVE-2021-29560)
    Fixes a CHECK-fail in LoadAndRemapMatrix (CVE-2021-29561)
    Fixes a CHECK-fail in tf.raw_ops.IRFFT (CVE-2021-29562)
    Fixes a CHECK-fail in tf.raw_ops.RFFT (CVE-2021-29563)
    Fixes a null pointer dereference in EditDistance (CVE-2021-29564)
    Fixes a null pointer dereference in SparseFillEmptyRows (CVE-2021-29565)
    Fixes a heap OOB access in Dilation2DBackpropInput (CVE-2021-29566)
    Fixes a reference binding to null in ParameterizedTruncatedNormal (CVE-2021-29568)
    Fixes a set of vulnerabilities caused by lack of validation in SparseDenseCwiseMul (CVE-2021-29567)
    Fixes a heap out of bounds read in MaxPoolGradWithArgmax (CVE-2021-29570)
    Fixes a heap out of bounds read in RequantizationRange (CVE-2021-29569)
    Fixes a memory corruption in DrawBoundingBoxesV2 (CVE-2021-29571)
    Fixes a reference binding to nullptr in SdcaOptimizer (CVE-2021-29572)
    Fixes an overflow and a denial of service in tf.raw_ops.ReverseSequence (CVE-2021-29575)
    Fixes a division by 0 in MaxPoolGradWithArgmax (CVE-2021-29573)
    Fixes an undefined behavior in MaxPool3DGradGrad (CVE-2021-29574)
    Fixes a heap buffer overflow in MaxPool3DGradGrad (CVE-2021-29576)
    Fixes a heap buffer overflow in AvgPool3DGrad (CVE-2021-29577)
    Fixes an undefined behavior and a CHECK-fail in FractionalMaxPoolGrad (CVE-2021-29580)
    Fixes a heap buffer overflow in FractionalAvgPoolGrad (CVE-2021-29578)
    Fixes a heap buffer overflow in MaxPoolGrad (CVE-2021-29579)
    Fixes a segfault in CTCBeamSearchDecoder (CVE-2021-29581)
    Fixes a heap OOB read in tf.raw_ops.Dequantize (CVE-2021-29582)
    Fixes a CHECK-fail due to integer overflow (CVE-2021-29584)
    Fixes a heap buffer overflow and undefined behavior in FusedBatchNorm (CVE-2021-29583)
    Fixes a division by zero in padding computation in TFLite (CVE-2021-29585)
    Fixes a division by zero in optimized pooling implementations in TFLite (CVE-2021-29586)
    Fixes a division by zero in TFLite's implementation of SpaceToDepth (CVE-2021-29587)
    Fixes a division by zero in TFLite's implementation of GatherNd (CVE-2021-29589)
    Fixes a division by zero in TFLite's implementation of TransposeConv (CVE-2021-29588)
    Fixes a heap OOB read in TFLite's implementation of Minimum or Maximum (CVE-2021-29590)
    Fixes a null pointer dereference in TFLite's Reshape operator (CVE-2021-29592)
    Fixes a stack overflow due to looping TFLite subgraph (CVE-2021-29591)
    Fixes a division by zero in TFLite's implementation of DepthToSpace (CVE-2021-29595)
    Fixes a division by zero in TFLite's convolution code (CVE-2021-29594)
    Fixes a division by zero in TFLite's implementation of EmbeddingLookup (CVE-2021-29596)
    Fixes a division by zero in TFLite's implementation of BatchToSpaceNd (CVE-2021-29593)
    Fixes a division by zero in TFLite's implementation of SpaceToBatchNd (CVE-2021-29597)
    Fixes a division by zero in TFLite's implementation of SVDF (CVE-2021-29598)
    Fixes a division by zero in TFLite's implementation of Split (CVE-2021-29599)
    Fixes a division by zero in TFLite's implementation of OneHot (CVE-2021-29600)
    Fixes a division by zero in TFLite's implementation of DepthwiseConv (CVE-2021-29602)
    Fixes a division by zero in TFLite's implementation of hashtable lookup (CVE-2021-29604)
    Fixes a integer overflow in TFLite concatentation (CVE-2021-29601)
    Fixes a integer overflow in TFLite memory allocation (CVE-2021-29605)
    Fixes a heap OOB write in TFLite (CVE-2021-29603)
    Fixes a heap OOB read in TFLite (CVE-2021-29606)
    Fixes a heap OOB and null pointer dereference in RaggedTensorToTensor (CVE-2021-29608)
    Fixes vulnerabilities caused by incomplete validation in SparseAdd (CVE-2021-29609)
    Fixes vulnerabilities caused by incomplete validation in SparseSparseMinimum (CVE-2021-29607)
    Fixes vulnerabilities caused by incomplete validation in SparseReshape (CVE-2021-29611)
    Fixes vulnerabilities caused by invalid validation in QuantizeAndDequantizeV2 (CVE-2021-29610)
    Fixes a heap buffer overflow in BandedTriangularSolve (CVE-2021-29612)
    Fixes vulnerabilities caused by incomplete validation in tf.raw_ops.CTCLoss (CVE-2021-29613)
    Fixes an interpreter crash from vulnerabilities in tf.io.decode_raw (CVE-2021-29614)
    Fixes a stack overflow in ParseAttrValue with nested tensors (CVE-2021-29615)
    Fixes a null dereference in Grappler's TrySimplify (CVE-2021-29616)
    Fixes a crash in tf.transpose with complex inputs (CVE-2021-29618)
    Fixes a crash in tf.strings.substr due to CHECK-fail (CVE-2021-29617)
    Fixes a segfault in tf.raw_ops.SparseCountSparseOutput (CVE-2021-29619)
    Fixes a segfault in tf.raw_ops.ImmutableConst (CVE-2021-29539)
    Updates curl to 7.76.0 to handle CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285 and CVE-2020-8286.



[0] https://github.com/tensorflow/tensorflow/releases/tag/v2.5.0
Comment 1 Robert Frohl 2021-05-17 06:54:10 UTC
not sure who the maintainer is, assigning to Christian for now.
Comment 2 Christian Goll 2024-03-28 13:50:06 UTC
Tensorflow 2.7 is in factory (although doesn't build actually), so closing this one