openSUSE-SU-2020:1766-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2020:1766-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2020:1766-1
Related
Published
2020-10-29T11:23:39Z
Modified
2020-10-29T11:23:39Z
Summary
Security update for tensorflow2
Details

This update for tensorflow2 fixes the following issues:

  • updated to 2.1.2 with following fixes (boo#1177022):
    • Fixes an undefined behavior causing a segfault in tf.rawops.Switch (CVE-2020-15190)
    • Fixes three vulnerabilities in conversion to DLPack format (CVE-2020-15191, CVE-2020-15192, CVE-2020-15193)
    • Fixes two vulnerabilities in SparseFillEmptyRowsGrad (CVE-2020-15194, CVE-2020-15195)
    • Fixes an integer truncation vulnerability in code using the work sharder API (CVE-2020-15202)
    • Fixes a format string vulnerability in tf.strings.asstring (CVE-2020-15203)
    • Fixes segfault raised by calling session-only ops in eager mode (CVE-2020-15204)
    • Fixes data leak and potential ASLR violation from tf.raw_ops.StringNGrams (CVE-2020-15205)
    • Fixes segfaults caused by incomplete SavedModel validation (CVE-2020-15206)
    • Fixes a data corruption due to a bug in negative indexing support in TFLite (CVE-2020-15207)
    • Fixes a data corruption due to dimension mismatch in TFLite (CVE-2020-15208)
    • Fixes several vulnerabilities in TFLite saved model format (CVE-2020-15209, CVE-2020-15210, CVE-2020-15211)
References

Affected packages

openSUSE:Leap 15.2 / tensorflow2

Package

Name
tensorflow2
Purl
pkg:rpm/opensuse/tensorflow2&distro=openSUSE%20Leap%2015.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.2-lp152.7.3.1

Ecosystem specific

{
    "binaries": [
        {
            "libtensorflow2": "2.1.2-lp152.7.3.1",
            "libtensorflow2-gnu-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2_2_1_2-gnu-openmpi2-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2_2_1_2-gnu-openmpi2-hpc-devel": "2.1.2-lp152.7.3.1",
            "libtensorflow_cc2-gnu-openmpi2-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2_2_1_2-gnu-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2_2_1_2-gnu-hpc-devel": "2.1.2-lp152.7.3.1",
            "tensorflow2-gnu-hpc": "2.1.2-lp152.7.3.1",
            "libtensorflow_framework2-gnu-openmpi2-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2-devel": "2.1.2-lp152.7.3.1",
            "libtensorflow_cc2": "2.1.2-lp152.7.3.1",
            "libtensorflow_framework2": "2.1.2-lp152.7.3.1",
            "libtensorflow2-gnu-openmpi2-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2_2_1_2-gnu-hpc-doc": "2.1.2-lp152.7.3.1",
            "tensorflow2-doc": "2.1.2-lp152.7.3.1",
            "libtensorflow_framework2-gnu-hpc": "2.1.2-lp152.7.3.1",
            "libtensorflow_cc2-gnu-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2-lite": "2.1.2-lp152.7.3.1",
            "tensorflow2_2_1_2-gnu-openmpi2-hpc-doc": "2.1.2-lp152.7.3.1",
            "tensorflow2-gnu-openmpi2-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2-lite-devel": "2.1.2-lp152.7.3.1",
            "tensorflow2": "2.1.2-lp152.7.3.1"
        }
    ]
}

openSUSE:Leap 15.2 / tensorflow2-lite

Package

Name
tensorflow2-lite
Purl
pkg:rpm/opensuse/tensorflow2-lite&distro=openSUSE%20Leap%2015.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.2-lp152.7.3.1

Ecosystem specific

{
    "binaries": [
        {
            "libtensorflow2": "2.1.2-lp152.7.3.1",
            "libtensorflow2-gnu-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2_2_1_2-gnu-openmpi2-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2_2_1_2-gnu-openmpi2-hpc-devel": "2.1.2-lp152.7.3.1",
            "libtensorflow_cc2-gnu-openmpi2-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2_2_1_2-gnu-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2_2_1_2-gnu-hpc-devel": "2.1.2-lp152.7.3.1",
            "tensorflow2-gnu-hpc": "2.1.2-lp152.7.3.1",
            "libtensorflow_framework2-gnu-openmpi2-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2-devel": "2.1.2-lp152.7.3.1",
            "libtensorflow_cc2": "2.1.2-lp152.7.3.1",
            "libtensorflow_framework2": "2.1.2-lp152.7.3.1",
            "libtensorflow2-gnu-openmpi2-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2_2_1_2-gnu-hpc-doc": "2.1.2-lp152.7.3.1",
            "tensorflow2-doc": "2.1.2-lp152.7.3.1",
            "libtensorflow_framework2-gnu-hpc": "2.1.2-lp152.7.3.1",
            "libtensorflow_cc2-gnu-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2-lite": "2.1.2-lp152.7.3.1",
            "tensorflow2_2_1_2-gnu-openmpi2-hpc-doc": "2.1.2-lp152.7.3.1",
            "tensorflow2-gnu-openmpi2-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2-lite-devel": "2.1.2-lp152.7.3.1",
            "tensorflow2": "2.1.2-lp152.7.3.1"
        }
    ]
}

openSUSE:Leap 15.2 / tensorflow2_2_1_2-gnu-hpc

Package

Name
tensorflow2_2_1_2-gnu-hpc
Purl
pkg:rpm/opensuse/tensorflow2_2_1_2-gnu-hpc&distro=openSUSE%20Leap%2015.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.2-lp152.7.3.1

Ecosystem specific

{
    "binaries": [
        {
            "libtensorflow2": "2.1.2-lp152.7.3.1",
            "libtensorflow2-gnu-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2_2_1_2-gnu-openmpi2-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2_2_1_2-gnu-openmpi2-hpc-devel": "2.1.2-lp152.7.3.1",
            "libtensorflow_cc2-gnu-openmpi2-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2_2_1_2-gnu-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2_2_1_2-gnu-hpc-devel": "2.1.2-lp152.7.3.1",
            "tensorflow2-gnu-hpc": "2.1.2-lp152.7.3.1",
            "libtensorflow_framework2-gnu-openmpi2-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2-devel": "2.1.2-lp152.7.3.1",
            "libtensorflow_cc2": "2.1.2-lp152.7.3.1",
            "libtensorflow_framework2": "2.1.2-lp152.7.3.1",
            "libtensorflow2-gnu-openmpi2-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2_2_1_2-gnu-hpc-doc": "2.1.2-lp152.7.3.1",
            "tensorflow2-doc": "2.1.2-lp152.7.3.1",
            "libtensorflow_framework2-gnu-hpc": "2.1.2-lp152.7.3.1",
            "libtensorflow_cc2-gnu-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2-lite": "2.1.2-lp152.7.3.1",
            "tensorflow2_2_1_2-gnu-openmpi2-hpc-doc": "2.1.2-lp152.7.3.1",
            "tensorflow2-gnu-openmpi2-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2-lite-devel": "2.1.2-lp152.7.3.1",
            "tensorflow2": "2.1.2-lp152.7.3.1"
        }
    ]
}

openSUSE:Leap 15.2 / tensorflow2_2_1_2-gnu-openmpi2-hpc

Package

Name
tensorflow2_2_1_2-gnu-openmpi2-hpc
Purl
pkg:rpm/opensuse/tensorflow2_2_1_2-gnu-openmpi2-hpc&distro=openSUSE%20Leap%2015.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.2-lp152.7.3.1

Ecosystem specific

{
    "binaries": [
        {
            "libtensorflow2": "2.1.2-lp152.7.3.1",
            "libtensorflow2-gnu-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2_2_1_2-gnu-openmpi2-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2_2_1_2-gnu-openmpi2-hpc-devel": "2.1.2-lp152.7.3.1",
            "libtensorflow_cc2-gnu-openmpi2-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2_2_1_2-gnu-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2_2_1_2-gnu-hpc-devel": "2.1.2-lp152.7.3.1",
            "tensorflow2-gnu-hpc": "2.1.2-lp152.7.3.1",
            "libtensorflow_framework2-gnu-openmpi2-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2-devel": "2.1.2-lp152.7.3.1",
            "libtensorflow_cc2": "2.1.2-lp152.7.3.1",
            "libtensorflow_framework2": "2.1.2-lp152.7.3.1",
            "libtensorflow2-gnu-openmpi2-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2_2_1_2-gnu-hpc-doc": "2.1.2-lp152.7.3.1",
            "tensorflow2-doc": "2.1.2-lp152.7.3.1",
            "libtensorflow_framework2-gnu-hpc": "2.1.2-lp152.7.3.1",
            "libtensorflow_cc2-gnu-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2-lite": "2.1.2-lp152.7.3.1",
            "tensorflow2_2_1_2-gnu-openmpi2-hpc-doc": "2.1.2-lp152.7.3.1",
            "tensorflow2-gnu-openmpi2-hpc": "2.1.2-lp152.7.3.1",
            "tensorflow2-lite-devel": "2.1.2-lp152.7.3.1",
            "tensorflow2": "2.1.2-lp152.7.3.1"
        }
    ]
}