[Bug 1189423] New: VUL-0: tensorflow2: update to 2.6.0, multiple CVEs

https://bugzilla.suse.com/show_bug.cgi?id=1189423

Bug ID: 1189423
Summary: VUL-0: tensorflow2: update to 2.6.0, multiple CVEs
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Other
Assignee: cgoll@suse.com
Reporter: gabriele.sonnu@suse.com
QA Contact: security-team@suse.de
Found By: ---
Blocker: ---

Excerpt from the changelog:

Security

Fixes a heap out of bounds access in sparse reduction operations (CVE-2021-37635)
Fixes a floating point exception in SparseDenseCwiseDiv (CVE-2021-37636)
Fixes a null pointer dereference in CompressElement (CVE-2021-37637)
Fixes a null pointer dereference in RaggedTensorToTensor (CVE-2021-37638)
Fixes a null pointer dereference and a heap OOB read arising from operations restoring tensors (CVE-2021-37639)
Fixes an integer division by 0 in sparse reshaping (CVE-2021-37640)
Fixes a division by 0 in ResourceScatterDiv (CVE-2021-37642)
Fixes a heap OOB in RaggedGather (CVE-2021-37641)
Fixes a std::abort raised from TensorListReserve (CVE-2021-37644)
Fixes a null pointer dereference in MatrixDiagPartOp (CVE-2021-37643)
Fixes an integer overflow due to conversion to unsigned (CVE-2021-37645)
Fixes a bad allocation error in StringNGrams caused by integer conversion (CVE-2021-37646)
Fixes a null pointer dereference in SparseTensorSliceDataset (CVE-2021-37647)
Fixes an incorrect validation of SaveV2 inputs (CVE-2021-37648)
Fixes a null pointer dereference in UncompressElement (CVE-2021-37649)
Fixes a segfault and a heap buffer overflow in {Experimental,}DatasetToTFRecord (CVE-2021-37650)
Fixes a heap buffer overflow in FractionalAvgPoolGrad (CVE-2021-37651)
Fixes a use after free in boosted trees creation (CVE-2021-37652)
Fixes a division by 0 in ResourceGather (CVE-2021-37653)
Fixes a heap OOB and a CHECK fail in ResourceGather (CVE-2021-37654)
Fixes a heap OOB in ResourceScatterUpdate (CVE-2021-37655)
Fixes an undefined behavior arising from reference binding to nullptr in RaggedTensorToSparse (CVE-2021-37656)
Fixes an undefined behavior arising from reference binding to nullptr in MatrixDiagV* ops (CVE-2021-37657)
Fixes an undefined behavior arising from reference binding to nullptr in MatrixSetDiagV* ops (CVE-2021-37658)
Fixes an undefined behavior arising from reference binding to nullptr and heap OOB in binary cwise ops (CVE-2021-37659)
Fixes a division by 0 in inplace operations (CVE-2021-37660)
Fixes a crash caused by integer conversion to unsigned (CVE-2021-37661)
Fixes an undefined behavior arising from reference binding to nullptr in boosted trees (CVE-2021-37662)
Fixes a heap OOB in boosted trees (CVE-2021-37664)
Fixes vulnerabilities arising from incomplete validation in QuantizeV2 (CVE-2021-37663)
Fixes vulnerabilities arising from incomplete validation in MKL requantization (CVE-2021-37665)
Fixes an undefined behavior arising from reference binding to nullptr in RaggedTensorToVariant (CVE-2021-37666)
Fixes an undefined behavior arising from reference binding to nullptr in unicode encoding (CVE-2021-37667)
Fixes an FPE in tf.raw_ops.UnravelIndex (CVE-2021-37668)
Fixes a crash in NMS ops caused by integer conversion to unsigned (CVE-2021-37669)
Fixes a heap OOB in UpperBound and LowerBound (CVE-2021-37670)
Fixes an undefined behavior arising from reference binding to nullptr in map operations (CVE-2021-37671)
Fixes a heap OOB in SdcaOptimizerV2 (CVE-2021-37672)
Fixes a CHECK-fail in MapStage (CVE-2021-37673)
Fixes a vulnerability arising from incomplete validation in MaxPoolGrad (CVE-2021-37674)
Fixes an undefined behavior arising from reference binding to nullptr in shape inference (CVE-2021-37676)
Fixes a division by 0 in most convolution operators (CVE-2021-37675)
Fixes vulnerabilities arising from missing validation in shape inference for Dequantize (CVE-2021-37677)
Fixes an arbitrary code execution due to YAML deserialization (CVE-2021-37678)
Fixes a heap OOB in nested tf.map_fn with RaggedTensors (CVE-2021-37679)
Fixes a division by zero in TFLite (CVE-2021-37680)
Fixes an NPE in TFLite (CVE-2021-37681)
Fixes a vulnerability arising from use of uninitialized value in TFLite (CVE-2021-37682)
Fixes an FPE in TFLite division operations (CVE-2021-37683)
Fixes an FPE in TFLite pooling operations (CVE-2021-37684)
Fixes an infinite loop in TFLite (CVE-2021-37686)
Fixes a heap OOB in TFLite (CVE-2021-37685)
Fixes a heap OOB in TFLite's Gather* implementations (CVE-2021-37687)
Fixes an undefined behavior arising from null pointer dereference in TFLite (CVE-2021-37688)
Fixes an undefined behavior arising from null pointer dereference in TFLite MLIR optimizations (CVE-2021-37689)
Fixes a FPE in LSH in TFLite (CVE-2021-37691)
Fixes a segfault on strings tensors with mismatched dimensions, arising in Go code (CVE-2021-37692)
Fixes a use after free and a potential segfault in shape inference functions (CVE-2021-37690)

--
You are receiving this mail because: You are on the CC list for the bug.