Bugzilla – Bug 1195545
VUL-0: tensorflow2: update to version 2.8.0, multiple CVEs
Last modified: 2022-05-24 08:10:13 UTC
Security updates with this version:

- Fixes a floating point division by 0 when executing convolution operators (CVE-2022-21725)
- Fixes a heap OOB read in shape inference for ReverseSequence (CVE-2022-21728)
- Fixes a heap OOB access in Dequantize (CVE-2022-21726)
- Fixes an integer overflow in shape inference for Dequantize (CVE-2022-21727)
- Fixes a heap OOB access in FractionalAvgPoolGrad (CVE-2022-21730)
- Fixes an overflow and divide by zero in UnravelIndex (CVE-2022-21729)
- Fixes a type confusion in shape inference for ConcatV2 (CVE-2022-21731)
- Fixes an OOM in ThreadPoolHandle (CVE-2022-21732)
- Fixes an OOM due to integer overflow in StringNGrams (CVE-2022-21733)
- Fixes more issues caused by incomplete validation in boosted trees code (CVE-2021-41208)
- Fixes integer overflows in most sparse component-wise ops (CVE-2022-23567)
- Fixes integer overflows in AddManySparseToTensorsMap (CVE-2022-23568)
- Fixes a number of CHECK-failures in MapStage (CVE-2022-21734)
- Fixes a division by zero in FractionalMaxPool (CVE-2022-21735)
- Fixes a number of CHECK-fails when building invalid/overflowing tensor shapes (CVE-2022-23569)
- Fixes an undefined behavior in SparseTensorSliceDataset (CVE-2022-21736)
- Fixes an assertion failure based denial of service via faulty bin count operations (CVE-2022-21737)
- Fixes a reference binding to null pointer in QuantizedMaxPool (CVE-2022-21739)
- Fixes an integer overflow leading to crash in SparseCountSparseOutput (CVE-2022-21738)
- Fixes a heap overflow in SparseCountSparseOutput (CVE-2022-21740)
- Fixes an FPE in BiasAndClamp in TFLite (CVE-2022-23557)
- Fixes an FPE in depthwise convolutions in TFLite (CVE-2022-21741)
- Fixes an integer overflow in TFLite array creation (CVE-2022-23558)
- Fixes an integer overflow in TFLite (CVE-2022-23559)
- Fixes a dangerous OOB write in TFLite (CVE-2022-23561)
- Fixes a vulnerability leading to read and write outside of bounds in TFLite (CVE-2022-23560)
- Fixes a set of vulnerabilities caused by using insecure temporary files (CVE-2022-23563)
- Fixes an integer overflow in Range resulting in undefined behavior and OOM (CVE-2022-23562)
- Fixes a vulnerability where missing validation causes tf.sparse.split to crash when axis is a tuple (CVE-2021-41206)
- Fixes a CHECK-fail when decoding resource handles from proto (CVE-2022-23564)
- Fixes a CHECK-fail with repeated AttrDef (CVE-2022-23565)
- Fixes a heap OOB write in Grappler (CVE-2022-23566)
- Fixes a CHECK-fail when decoding invalid tensors from proto (CVE-2022-23571)
- Fixes a null-dereference when specializing tensor type (CVE-2022-23570)
- Fixes a crash when type cannot be specialized (CVE-2022-23572)
- Fixes a heap OOB read/write in SpecializeType (CVE-2022-23574)
- Fixes an uninitialized variable access in AssignOp (CVE-2022-23573)
- Fixes an integer overflow in OpLevelCostEstimator::CalculateTensorSize (CVE-2022-23575)
- Fixes an integer overflow in OpLevelCostEstimator::CalculateOutputSize (CVE-2022-23576)
- Fixes a null dereference in GetInitOp (CVE-2022-23577)
- Fixes a memory leak when a graph node is invalid (CVE-2022-23578)
- Fixes an abort caused by allocating a vector that is too large (CVE-2022-23580)
- Fixes multiple CHECK-failures during Grappler's IsSimplifiableReshape (CVE-2022-23581)
- Fixes multiple CHECK-failures during Grappler's SafeToRemoveIdentity (CVE-2022-23579)
- Fixes multiple CHECK-failures in TensorByteSize (CVE-2022-23582)
- Fixes multiple CHECK-failures in binary ops due to type confusion (CVE-2022-23583)
- Fixes a use after free in DecodePng kernel (CVE-2022-23584)
- Fixes a memory leak in decoding PNG images (CVE-2022-23585)
- Fixes multiple CHECK-fails in function.cc (CVE-2022-23586)
- Fixes multiple CHECK-fails due to attempting to build a reference tensor (CVE-2022-23588)
- Fixes an integer overflow in Grappler cost estimation of crop and resize operation (CVE-2022-23587)
- Fixes a null pointer dereference in Grappler's IsConstant (CVE-2022-23589)
- Fixes a CHECK failure in constant folding (CVE-2021-41197)
- Fixes a stack overflow due to self-recursive function in GraphDef (CVE-2022-23591)
- Fixes a heap OOB access in RunForwardTypeInference (CVE-2022-23592)
- Fixes a crash due to erroneous StatusOr (CVE-2022-23590)
- Fixes multiple crashes and heap OOB accesses in TFG dialect (MLIR) (CVE-2022-23594)
- Fixes a segfault in simplifyBroadcast (MLIR) (CVE-2022-23593)
- Fixes a null pointer dereference in BuildXlaCompilationCache (XLA) (CVE-2022-23595)
- Updates icu to 69.1.

All of these bugfixes have been backported to the following versions as well: 2.5.3, 2.6.3, 2.7.1.

The versions we currently ship are:
- openSUSE:Backports:SLE-15-SP3/tensorflow2 2.1.2
- openSUSE:Backports:SLE-15-SP4/tensorflow2 2.6.2
- openSUSE:Factory/tensorflow2 2.7.0

(In reply to Carlos López from comment #0)
> Updates icu to 69.1.

This handles CVE-2020-10531 (#1166844).

Updating in Factory to 2.7.1 via sr#951597.

The fix for SLE Backports is probably to remove it completely, see also https://code.opensuse.org/leap/features/issue/35

This is an autogenerated message for OBS integration: This bug (1195545) was mentioned in https://build.opensuse.org/request/show/951670 Factory / tensorflow2