Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

openSUSE Leap 15.2: Security Update for TensorFlow2 - Moderate Threat

opensuse
Calendar Grey October 29, 2020
Dist Opensuse Esm H88
openSUSE Security Update: Security update for tensorflow2 __________________________________________
An update that fixes 16 vulnerabilities is now available.

Description

This update for tensorflow2 fixes the following issues:

- updated to 2.1.2 with following fixes (boo#1177022):

* Fixes an undefined behavior causing a segfault in tf.raw_ops.Switch

(CVE-2020-15190)

* Fixes three vulnerabilities in conversion to DLPack format

(CVE-2020-15191, CVE-2020-15192, CVE-2020-15193)

* Fixes two vulnerabilities in SparseFillEmptyRowsGrad (CVE-2020-15194,

CVE-2020-15195)

* Fixes an integer truncation vulnerability in code using the work

sharder API (CVE-2020-15202)

* Fixes a format string vulnerability in tf.strings.as_string

(CVE-2020-15203)

* Fixes segfault raised by calling session-only ops in eager mode

(CVE-2020-15204)

* Fixes data leak and potential ASLR violation from

tf.raw_ops.StringNGrams (CVE-2020-15205)

* Fixes segfaults caused by incomplete SavedModel validation

(CVE-2020-15206)

* Fixes a data corruption due to a bug in negative indexing...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-1766=1

Package List

- openSUSE Leap 15.2 (x86_64):

libtensorflow2-2.1.2-lp152.7.3.1

libtensorflow2-debuginfo-2.1.2-lp152.7.3.1

libtensorflow2-gnu-hpc-2.1.2-lp152.7.3.1

libtensorflow2-gnu-hpc-debuginfo-2.1.2-lp152.7.3.1

libtensorflow2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1

libtensorflow2-gnu-openmpi2-hpc-debuginfo-2.1.2-lp152.7.3.1

libtensorflow_cc2-2.1.2-lp152.7.3.1

libtensorflow_cc2-debuginfo-2.1.2-lp152.7.3.1

libtensorflow_cc2-gnu-hpc-2.1.2-lp152.7.3.1

libtensorflow_cc2-gnu-hpc-debuginfo-2.1.2-lp152.7.3.1

libtensorflow_cc2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1

libtensorflow_cc2-gnu-openmpi2-hpc-debuginfo-2.1.2-lp152.7.3.1

libtensorflow_framework2-2.1.2-lp152.7.3.1

libtensorflow_framework2-debuginfo-2.1.2-lp152.7.3.1

libtensorflow_framework2-gnu-hpc-2.1.2-lp152.7.3.1

libtensorflow_framework2-gnu-hpc-debuginfo-2.1.2-lp152.7.3.1

libtensorflow_framework2-gnu-openmpi2-hpc-2.1.2-lp152.7.3.1

libtensorflow_framework2-gnu-openmpi2-hpc-debuginfo-2.1.2-lp152.7.3.1

tensorflow2-2.1.2-lp152.7.3.1

tensorflow2-debuginfo-2.1.2-lp152.7.3.1

tensorfl...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2020-15190.html

https://www.suse.com/security/cve/CVE-2020-15191.html

https://www.suse.com/security/cve/CVE-2020-15192.html

https://www.suse.com/security/cve/CVE-2020-15193.html

https://www.suse.com/security/cve/CVE-2020-15194.html

https://www.suse.com/security/cve/CVE-2020-15195.html

https://www.suse.com/security/cve/CVE-2020-15202.html

https://www.suse.com/security/cve/CVE-2020-15203.html

https://www.suse.com/security/cve/CVE-2020-15204.html

https://www.suse.com/security/cve/CVE-2020-15205.html

https://www.suse.com/security/cve/CVE-2020-15206.html

https://www.suse.com/security/cve/CVE-2020-15207.html

https://www.suse.com/security/cve/CVE-2020-15208.html

https://www.suse.com/security/cve/CVE-2020-15209.html

https://www.suse.com/security/cve/CVE-2020-15210.html

https://www.suse.com/security/cve/CVE-2020-15211.html

https://bugzilla.suse.com/1173314

https://bugzilla.suse.com/1175099

https://bugzilla.suse.com/1175789

https://bugzilla.suse.com/1177022

--

Announcement ID: openSUSE-SU-2020:1766-1
Rating: moderate
Affected Products: openSUSE Leap 15.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here