Bug ID 1189423
Summary VUL-0: tensorflow2: update to 2.6.0, multiple CVEs
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.2
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Other
Assignee cgoll@suse.com
Reporter gabriele.sonnu@suse.com
QA Contact security-team@suse.de
Found By ---
Blocker ---

Excerpt from the changelog:

Security

    Fixes a heap out of bounds access in sparse reduction operations (CVE-2021-37635)
    Fixes a floating point exception in SparseDenseCwiseDiv (CVE-2021-37636)
    Fixes a null pointer dereference in CompressElement (CVE-2021-37637)
    Fixes a null pointer dereference in RaggedTensorToTensor (CVE-2021-37638)
    Fixes a null pointer dereference and a heap OOB read arising from operations restoring tensors (CVE-2021-37639)
    Fixes an integer division by 0 in sparse reshaping (CVE-2021-37640)
    Fixes a division by 0 in ResourceScatterDiv (CVE-2021-37642)
    Fixes a heap OOB in RaggedGather (CVE-2021-37641)
    Fixes a std::abort raised from TensorListReserve (CVE-2021-37644)
    Fixes a null pointer dereference in MatrixDiagPartOp (CVE-2021-37643)
    Fixes an integer overflow due to conversion to unsigned (CVE-2021-37645)
    Fixes a bad allocation error in StringNGrams caused by integer conversion (CVE-2021-37646)
    Fixes a null pointer dereference in SparseTensorSliceDataset (CVE-2021-37647)
    Fixes an incorrect validation of SaveV2 inputs (CVE-2021-37648)
    Fixes a null pointer dereference in UncompressElement (CVE-2021-37649)
    Fixes a segfault and a heap buffer overflow in {Experimental,}DatasetToTFRecord (CVE-2021-37650)
    Fixes a heap buffer overflow in FractionalAvgPoolGrad (CVE-2021-37651)
    Fixes a use after free in boosted trees creation (CVE-2021-37652)
    Fixes a division by 0 in ResourceGather (CVE-2021-37653)
    Fixes a heap OOB and a CHECK fail in ResourceGather (CVE-2021-37654)
    Fixes a heap OOB in ResourceScatterUpdate (CVE-2021-37655)
    Fixes an undefined behavior arising from reference binding to nullptr in RaggedTensorToSparse (CVE-2021-37656)
    Fixes an undefined behavior arising from reference binding to nullptr in MatrixDiagV* ops (CVE-2021-37657)
    Fixes an undefined behavior arising from reference binding to nullptr in MatrixSetDiagV* ops (CVE-2021-37658)
    Fixes an undefined behavior arising from reference binding to nullptr and heap OOB in binary cwise ops (CVE-2021-37659)
    Fixes a division by 0 in inplace operations (CVE-2021-37660)
    Fixes a crash caused by integer conversion to unsigned (CVE-2021-37661)
    Fixes an undefined behavior arising from reference binding to nullptr in boosted trees (CVE-2021-37662)
    Fixes a heap OOB in boosted trees (CVE-2021-37664)
    Fixes vulnerabilities arising from incomplete validation in QuantizeV2 (CVE-2021-37663)
    Fixes vulnerabilities arising from incomplete validation in MKL requantization (CVE-2021-37665)
    Fixes an undefined behavior arising from reference binding to nullptr in RaggedTensorToVariant (CVE-2021-37666)
    Fixes an undefined behavior arising from reference binding to nullptr in unicode encoding (CVE-2021-37667)
    Fixes an FPE in tf.raw_ops.UnravelIndex (CVE-2021-37668)
    Fixes a crash in NMS ops caused by integer conversion to unsigned (CVE-2021-37669)
    Fixes a heap OOB in UpperBound and LowerBound (CVE-2021-37670)
    Fixes an undefined behavior arising from reference binding to nullptr in map operations (CVE-2021-37671)
    Fixes a heap OOB in SdcaOptimizerV2 (CVE-2021-37672)
    Fixes a CHECK-fail in MapStage (CVE-2021-37673)
    Fixes a vulnerability arising from incomplete validation in MaxPoolGrad (CVE-2021-37674)
    Fixes an undefined behavior arising from reference binding to nullptr in shape inference (CVE-2021-37676)
    Fixes a division by 0 in most convolution operators (CVE-2021-37675)
    Fixes vulnerabilities arising from missing validation in shape inference for Dequantize (CVE-2021-37677)
    Fixes an arbitrary code execution due to YAML deserialization (CVE-2021-37678)
    Fixes a heap OOB in nested tf.map_fn with RaggedTensors (CVE-2021-37679)
    Fixes a division by zero in TFLite (CVE-2021-37680)
    Fixes an NPE in TFLite (CVE-2021-37681)
    Fixes a vulnerability arising from use of uninitialized value in TFLite (CVE-2021-37682)
    Fixes an FPE in TFLite division operations (CVE-2021-37683)
    Fixes an FPE in TFLite pooling operations (CVE-2021-37684)
    Fixes an infinite loop in TFLite (CVE-2021-37686)
    Fixes a heap OOB in TFLite (CVE-2021-37685)
    Fixes a heap OOB in TFLite's Gather* implementations (CVE-2021-37687)
    Fixes an undefined behavior arising from null pointer dereference in TFLite (CVE-2021-37688)
    Fixes an undefined behavior arising from null pointer dereference in TFLite MLIR optimizations (CVE-2021-37689)
    Fixes an FPE in LSH in TFLite (CVE-2021-37691)
    Fixes a segfault on strings tensors with mismatched dimensions, arising in Go code (CVE-2021-37692)
    Fixes a use after free and a potential segfault in shape inference functions (CVE-2021-37690)
