Bug 1195545 - VUL-0: tensorflow2: update to version 2.8.0, multiple CVEs
Status: IN_PROGRESS
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 15.3
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Normal
Assigned To: Christian Goll
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/322630/
Reported: 2022-02-04 09:20 UTC by Carlos López
Modified: 2022-05-24 08:10 UTC
Description Carlos López 2022-02-04 09:20:21 UTC
Security updates with this version:

Fixes a floating point division by 0 when executing convolution operators (CVE-2022-21725)
Fixes a heap OOB read in shape inference for ReverseSequence (CVE-2022-21728)
Fixes a heap OOB access in Dequantize (CVE-2022-21726)
Fixes an integer overflow in shape inference for Dequantize (CVE-2022-21727)
Fixes a heap OOB access in FractionalAvgPoolGrad (CVE-2022-21730)
Fixes an overflow and divide by zero in UnravelIndex (CVE-2022-21729)
Fixes a type confusion in shape inference for ConcatV2 (CVE-2022-21731)
Fixes an OOM in ThreadPoolHandle (CVE-2022-21732)
Fixes an OOM due to integer overflow in StringNGrams (CVE-2022-21733)
Fixes more issues caused by incomplete validation in boosted trees code (CVE-2021-41208)
Fixes integer overflows in most sparse component-wise ops (CVE-2022-23567)
Fixes integer overflows in AddManySparseToTensorsMap (CVE-2022-23568)
Fixes a number of CHECK-failures in MapStage (CVE-2022-21734)
Fixes a division by zero in FractionalMaxPool (CVE-2022-21735)
Fixes a number of CHECK-fails when building invalid/overflowing tensor shapes (CVE-2022-23569)
Fixes an undefined behavior in SparseTensorSliceDataset (CVE-2022-21736)
Fixes an assertion failure based denial of service via faulty bin count operations (CVE-2022-21737)
Fixes a reference binding to null pointer in QuantizedMaxPool (CVE-2022-21739)
Fixes an integer overflow leading to crash in SparseCountSparseOutput (CVE-2022-21738)
Fixes a heap overflow in SparseCountSparseOutput (CVE-2022-21740)
Fixes an FPE in BiasAndClamp in TFLite (CVE-2022-23557)
Fixes an FPE in depthwise convolutions in TFLite (CVE-2022-21741)
Fixes an integer overflow in TFLite array creation (CVE-2022-23558)
Fixes an integer overflow in TFLite (CVE-2022-23559)
Fixes a dangerous OOB write in TFLite (CVE-2022-23561)
Fixes a vulnerability leading to read and write outside of bounds in TFLite (CVE-2022-23560)
Fixes a set of vulnerabilities caused by using insecure temporary files (CVE-2022-23563)
Fixes an integer overflow in Range resulting in undefined behavior and OOM (CVE-2022-23562)
Fixes a vulnerability where missing validation causes tf.sparse.split to crash when axis is a tuple (CVE-2021-41206)
Fixes a CHECK-fail when decoding resource handles from proto (CVE-2022-23564)
Fixes a CHECK-fail with repeated AttrDef (CVE-2022-23565)
Fixes a heap OOB write in Grappler (CVE-2022-23566)
Fixes a CHECK-fail when decoding invalid tensors from proto (CVE-2022-23571)
Fixes a null-dereference when specializing tensor type (CVE-2022-23570)
Fixes a crash when type cannot be specialized (CVE-2022-23572)
Fixes a heap OOB read/write in SpecializeType (CVE-2022-23574)
Fixes an uninitialized variable access in AssignOp (CVE-2022-23573)
Fixes an integer overflow in OpLevelCostEstimator::CalculateTensorSize (CVE-2022-23575)
Fixes an integer overflow in OpLevelCostEstimator::CalculateOutputSize (CVE-2022-23576)
Fixes a null dereference in GetInitOp (CVE-2022-23577)
Fixes a memory leak when a graph node is invalid (CVE-2022-23578)
Fixes an abort caused by allocating a vector that is too large (CVE-2022-23580)
Fixes multiple CHECK-failures during Grappler's IsSimplifiableReshape (CVE-2022-23581)
Fixes multiple CHECK-failures during Grappler's SafeToRemoveIdentity (CVE-2022-23579)
Fixes multiple CHECK-failures in TensorByteSize (CVE-2022-23582)
Fixes multiple CHECK-failures in binary ops due to type confusion (CVE-2022-23583)
Fixes a use after free in DecodePng kernel (CVE-2022-23584)
Fixes a memory leak in decoding PNG images (CVE-2022-23585)
Fixes multiple CHECK-fails in function.cc (CVE-2022-23586)
Fixes multiple CHECK-fails due to attempting to build a reference tensor (CVE-2022-23588)
Fixes an integer overflow in Grappler cost estimation of crop and resize operation (CVE-2022-23587)
Fixes a null pointer dereference in Grappler's IsConstant (CVE-2022-23589)
Fixes a CHECK failure in constant folding (CVE-2021-41197)
Fixes a stack overflow due to self-recursive function in GraphDef (CVE-2022-23591)
Fixes a heap OOB access in RunForwardTypeInference (CVE-2022-23592)
Fixes a crash due to erroneous StatusOr (CVE-2022-23590)
Fixes multiple crashes and heap OOB accesses in TFG dialect (MLIR) (CVE-2022-23594)
Fixes a segfault in simplifyBroadcast (MLIR) (CVE-2022-23593)
Fixes a null pointer dereference in BuildXlaCompilationCache (XLA) (CVE-2022-23595)
Updates icu to 69.1.
Comment 1 Carlos López 2022-02-04 09:23:08 UTC
All of these bugfixes have been backported to the following versions as well: 2.5.3, 2.6.3, 2.7.1.

The versions we currently ship are:
 - openSUSE:Backports:SLE-15-SP3/tensorflow2 2.1.2
 - openSUSE:Backports:SLE-15-SP4/tensorflow2 2.6.2
 - openSUSE:Factory/tensorflow2              2.7.0
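A small triage helper, added here and not part of the bug report or the tensorflow2 package, that applies the fixed releases named in this comment (2.8.0 and the backports 2.5.3, 2.6.3, 2.7.1) to the three shipped versions; the branch rule it encodes (a series without a backport release has to move to 2.8.0) is an assumption drawn from the comment, not a statement from upstream:

```python
from typing import Tuple

# Releases in which the fixes listed in this bug landed (from comment 1):
# 2.8.0 plus the backport point releases 2.5.3, 2.6.3 and 2.7.1.
FIXED_VERSIONS = ["2.5.3", "2.6.3", "2.7.1", "2.8.0"]

# Shipped packages as listed in comment 1 (project, package, version).
SHIPPED = [
    ("openSUSE:Backports:SLE-15-SP3", "tensorflow2", "2.1.2"),
    ("openSUSE:Backports:SLE-15-SP4", "tensorflow2", "2.6.2"),
    ("openSUSE:Factory", "tensorflow2", "2.7.0"),
]


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.6.2' into (2, 6, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))


def fixed_version_for(installed: str) -> str:
    """Return the release an upgrade must reach to pick up the fixes.

    Assumption: a 2.5/2.6/2.7 install only needs the point release on its own
    branch; any other branch (e.g. 2.1) has no backport and must go to 2.8.0.
    """
    branch = parse_version(installed)[:2]
    for fixed in FIXED_VERSIONS:
        if parse_version(fixed)[:2] == branch:
            return fixed
    return FIXED_VERSIONS[-1]


def is_affected(installed: str) -> bool:
    """True when the installed version predates the fixed release on its branch."""
    # Anything at or past 2.8.0 carries the fixes regardless of branch.
    if parse_version(installed) >= parse_version("2.8.0"):
        return False
    return parse_version(installed) < parse_version(fixed_version_for(installed))


def triage(shipped=SHIPPED):
    """Map each shipped package to (affected?, release the fix requires)."""
    return {
        f"{proj}/{pkg}": (is_affected(ver), fixed_version_for(ver))
        for proj, pkg, ver in shipped
    }


if __name__ == "__main__":
    for name, (affected, target) in triage().items():
        print(f"{name}: {'AFFECTED' if affected else 'fixed'} (needs >= {target})")
```

All three shipped versions come out as affected, matching the conclusion of this comment; the SP3 package has no backport branch and therefore maps to 2.8.0.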
Comment 2 Carlos López 2022-02-04 09:40:51 UTC
(In reply to Carlos López from comment #0)
> Updates icu to 69.1.

This handles CVE-2020-10531 (#1166844).
Comment 3 Benjamin Greiner 2022-02-04 16:46:21 UTC
Updating in Factory to 2.7.1 via sr#951597

The fix for SLE Backports is probably to remove it completely, see also https://code.opensuse.org/leap/features/issue/35
Comment 4 OBSbugzilla Bot 2022-02-04 22:10:03 UTC
This is an autogenerated message for OBS integration:
This bug (1195545) was mentioned in
https://build.opensuse.org/request/show/951670 Factory / tensorflow2