https://bugzilla.suse.com/show_bug.cgi?id=1189423
Bug ID: 1189423
Summary: VUL-0: tensorflow2: update to 2.6.0, multiple CVEs
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Other
Assignee: cgoll@suse.com
Reporter: gabriele.sonnu@suse.com
QA Contact: security-team@suse.de
Found By: ---
Blocker: ---
excerpt from the changelog:
Security
Fixes a heap out of bounds access in sparse reduction operations (CVE-2021-37635)
Fixes a floating point exception in SparseDenseCwiseDiv (CVE-2021-37636)
Fixes a null pointer dereference in CompressElement (CVE-2021-37637)
Fixes a null pointer dereference in RaggedTensorToTensor (CVE-2021-37638)
Fixes a null pointer dereference and a heap OOB read arising from operations restoring tensors (CVE-2021-37639)
Fixes an integer division by 0 in sparse reshaping (CVE-2021-37640)
Fixes a division by 0 in ResourceScatterDiv (CVE-2021-37642)
Fixes a heap OOB in RaggedGather (CVE-2021-37641)
Fixes a std::abort raised from TensorListReserve (CVE-2021-37644)
Fixes a null pointer dereference in MatrixDiagPartOp (CVE-2021-37643)
Fixes an integer overflow due to conversion to unsigned (CVE-2021-37645)
Fixes a bad allocation error in StringNGrams caused by integer conversion (CVE-2021-37646)
Fixes a null pointer dereference in SparseTensorSliceDataset (CVE-2021-37647)
Fixes an incorrect validation of SaveV2 inputs (CVE-2021-37648)
Fixes a null pointer dereference in UncompressElement (CVE-2021-37649)
Fixes a segfault and a heap buffer overflow in {Experimental,}DatasetToTFRecord (CVE-2021-37650)
Fixes a heap buffer overflow in FractionalAvgPoolGrad (CVE-2021-37651)
Fixes a use after free in boosted trees creation (CVE-2021-37652)
Fixes a division by 0 in ResourceGather (CVE-2021-37653)
Fixes a heap OOB and a CHECK fail in ResourceGather (CVE-2021-37654)
Fixes a heap OOB in ResourceScatterUpdate (CVE-2021-37655)
Fixes an undefined behavior arising from reference binding to nullptr in RaggedTensorToSparse (CVE-2021-37656)
Fixes an undefined behavior arising from reference binding to nullptr in MatrixDiagV* ops (CVE-2021-37657)
Fixes an undefined behavior arising from reference binding to nullptr in MatrixSetDiagV* ops (CVE-2021-37658)
Fixes an undefined behavior arising from reference binding to nullptr and heap OOB in binary cwise ops (CVE-2021-37659)
Fixes a division by 0 in inplace operations (CVE-2021-37660)
Fixes a crash caused by integer conversion to unsigned (CVE-2021-37661)
Fixes an undefined behavior arising from reference binding to nullptr in boosted trees (CVE-2021-37662)
Fixes a heap OOB in boosted trees (CVE-2021-37664)
Fixes vulnerabilities arising from incomplete validation in QuantizeV2 (CVE-2021-37663)
Fixes vulnerabilities arising from incomplete validation in MKL requantization (CVE-2021-37665)
Fixes an undefined behavior arising from reference binding to nullptr in RaggedTensorToVariant (CVE-2021-37666)
Fixes an undefined behavior arising from reference binding to nullptr in unicode encoding (CVE-2021-37667)
Fixes an FPE in tf.raw_ops.UnravelIndex (CVE-2021-37668)
Fixes a crash in NMS ops caused by integer conversion to unsigned (CVE-2021-37669)
Fixes a heap OOB in UpperBound and LowerBound (CVE-2021-37670)
Fixes an undefined behavior arising from reference binding to nullptr in map operations (CVE-2021-37671)
Fixes a heap OOB in SdcaOptimizerV2 (CVE-2021-37672)
Fixes a CHECK-fail in MapStage (CVE-2021-37673)
Fixes a vulnerability arising from incomplete validation in MaxPoolGrad (CVE-2021-37674)
Fixes an undefined behavior arising from reference binding to nullptr in shape inference (CVE-2021-37676)
Fixes a division by 0 in most convolution operators (CVE-2021-37675)
Fixes vulnerabilities arising from missing validation in shape inference for Dequantize (CVE-2021-37677)
Fixes an arbitrary code execution due to YAML deserialization (CVE-2021-37678)
Fixes a heap OOB in nested tf.map_fn with RaggedTensors (CVE-2021-37679)
Fixes a division by zero in TFLite (CVE-2021-37680)
Fixes an NPE in TFLite (CVE-2021-37681)
Fixes a vulnerability arising from use of uninitialized value in TFLite (CVE-2021-37682)
Fixes an FPE in TFLite division operations (CVE-2021-37683)
Fixes an FPE in TFLite pooling operations (CVE-2021-37684)
Fixes an infinite loop in TFLite (CVE-2021-37686)
Fixes a heap OOB in TFLite (CVE-2021-37685)
Fixes a heap OOB in TFLite's Gather* implementations (CVE-2021-37687)
Fixes an undefined behavior arising from null pointer dereference in TFLite (CVE-2021-37688)
Fixes an undefined behavior arising from null pointer dereference in TFLite MLIR optimizations (CVE-2021-37689)
Fixes an FPE in LSH in TFLite (CVE-2021-37691)
Fixes a segfault on strings tensors with mismatched dimensions, arising in Go code (CVE-2021-37692)
Fixes a use after free and a potential segfault in shape inference functions (CVE-2021-37690)
https://bugzilla.suse.com/show_bug.cgi?id=1189423#c1
Gabriele Sonnu gabriele.sonnu@suse.com changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
CC      |                            |smash_bz@suse.de
--- Comment #1 from Gabriele Sonnu gabriele.sonnu@suse.com ---
The following Backport codestreams are affected:

openSUSE:Backports:SLE-15:Update/vlc
openSUSE:Backports:SLE-15-SP1:Update/vlc
https://bugzilla.suse.com/show_bug.cgi?id=1189423#c2
--- Comment #2 from Gabriele Sonnu gabriele.sonnu@suse.com ---
The following Backport codestreams are affected:

openSUSE:Backports:SLE-15-SP2/tensorflow2
openSUSE:Backports:SLE-15-SP3/tensorflow2
Maybe this could be addressed there, too?
Maintenance Robot maint-coord+maintenance_robot@suse.de changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
Priority|P5 - None                   |P3 - Medium
https://bugzilla.suse.com/show_bug.cgi?id=1189423#c3
--- Comment #3 from Gabriele Sonnu gabriele.sonnu@suse.com ---
Please ignore the first comment about backports. It was sent in error and it's not related to this issue.
https://bugzilla.suse.com/show_bug.cgi?id=1189423#c4
Egbert Eich eich@suse.com changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
Assignee|cgoll@suse.com              |screening-team-bugs@suse.de

--- Comment #4 from Egbert Eich eich@suse.com ---
The HPC team is not accepting tickets for AI/ML related packages for the time being.
Chenzi Cao chcao@suse.com changed:
What     |Removed                     |Added
----------------------------------------------------------------------------
Component|Other                       |Security
Assignee |screening-team-bugs@suse.de |security-team@suse.de
Marcus Meissner meissner@suse.com changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
Assignee|security-team@suse.de       |cgoll@suse.com
Marcus Meissner meissner@suse.com changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
CC      |                            |meissner@suse.com
Marcus Meissner meissner@suse.com changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
Assignee|cgoll@suse.com              |security-team@suse.de
Robert Frohl rfrohl@suse.com changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
URL     |                            |https://smash.suse.de/issue/307320/
CC      |                            |rfrohl@suse.com
https://bugzilla.suse.com/show_bug.cgi?id=1189423#c6
--- Comment #6 from Swamp Workflow Management swamp@suse.de ---
openSUSE-SU-2022:10014-1: An update that fixes 63 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1173128,1173314,1178287,1178564,1179455,1181864,1186860,1189423
CVE References: CVE-2020-26266,CVE-2020-26267,CVE-2020-26268,CVE-2020-26270,CVE-2020-26271,CVE-2021-37635,CVE-2021-37636,CVE-2021-37637,CVE-2021-37638,CVE-2021-37639,CVE-2021-37640,CVE-2021-37641,CVE-2021-37642,CVE-2021-37643,CVE-2021-37644,CVE-2021-37645,CVE-2021-37646,CVE-2021-37647,CVE-2021-37648,CVE-2021-37649,CVE-2021-37650,CVE-2021-37651,CVE-2021-37652,CVE-2021-37653,CVE-2021-37654,CVE-2021-37655,CVE-2021-37656,CVE-2021-37657,CVE-2021-37658,CVE-2021-37659,CVE-2021-37660,CVE-2021-37661,CVE-2021-37662,CVE-2021-37663,CVE-2021-37664,CVE-2021-37665,CVE-2021-37666,CVE-2021-37667,CVE-2021-37668,CVE-2021-37669,CVE-2021-37670,CVE-2021-37671,CVE-2021-37672,CVE-2021-37673,CVE-2021-37674,CVE-2021-37675,CVE-2021-37676,CVE-2021-37677,CVE-2021-37678,CVE-2021-37679,CVE-2021-37680,CVE-2021-37681,CVE-2021-37682,CVE-2021-37683,CVE-2021-37684,CVE-2021-37685,CVE-2021-37686,CVE-2021-37687,CVE-2021-37688,CVE-2021-37689,CVE-2021-37690,CVE-2021-37691,CVE-2021-37692
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP3 (src): bazel-skylib1.0.3-1.0.3-bp153.2.1, bazel3.7-3.7.2-bp153.2.1, bazel3.7-3.7.2-bp153.4.1, tensorflow2-2.6.0-bp153.2.3.1, tensorflow2-lite-2.6.0-bp153.2.3.1, tensorflow2_2_6_0-gnu-hpc-2.6.0-bp153.2.3.1, tensorflow2_2_6_0-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1