Vulnerability   
Search   
    Search 191973 CVE descriptions
and 86218 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.853530
Category:SuSE Local Security Checks
Title:openSUSE: Security Advisory for tensorflow2 (openSUSE-SU-2020:1766-1)
Summary:The remote host is missing an update for the 'tensorflow2'; package(s) announced via the openSUSE-SU-2020:1766-1 advisory.
Description:Summary:
The remote host is missing an update for the 'tensorflow2'
package(s) announced via the openSUSE-SU-2020:1766-1 advisory.

Vulnerability Insight:
This update for tensorflow2 fixes the following issues:

- updated to 2.1.2 with following fixes (boo#1177022):

* Fixes an undefined behavior causing a segfault in tf.raw_ops.Switch
(CVE-2020-15190)

* Fixes three vulnerabilities in conversion to DLPack format
(CVE-2020-15191, CVE-2020-15192, CVE-2020-15193)

* Fixes two vulnerabilities in SparseFillEmptyRowsGrad (CVE-2020-15194,
CVE-2020-15195)

* Fixes an integer truncation vulnerability in code using the work
sharder API (CVE-2020-15202)

* Fixes a format string vulnerability in tf.strings.as_string
(CVE-2020-15203)

* Fixes segfault raised by calling session-only ops in eager mode
(CVE-2020-15204)

* Fixes data leak and potential ASLR violation from
tf.raw_ops.StringNGrams (CVE-2020-15205)

* Fixes segfaults caused by incomplete SavedModel validation
(CVE-2020-15206)

* Fixes a data corruption due to a bug in negative indexing support in
TFLite (CVE-2020-15207)

* Fixes a data corruption due to dimension mismatch in TFLite
(CVE-2020-15208)

* Fixes several vulnerabilities in TFLite saved model format
(CVE-2020-15209, CVE-2020-15210, CVE-2020-15211)


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-1766=1

Affected Software/OS:
'tensorflow2' package(s) on openSUSE Leap 15.2.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-15190
Common Vulnerability Exposure (CVE) ID: CVE-2020-15191
Common Vulnerability Exposure (CVE) ID: CVE-2020-15192
Common Vulnerability Exposure (CVE) ID: CVE-2020-15193
Common Vulnerability Exposure (CVE) ID: CVE-2020-15194
Common Vulnerability Exposure (CVE) ID: CVE-2020-15195
Common Vulnerability Exposure (CVE) ID: CVE-2020-15202
Common Vulnerability Exposure (CVE) ID: CVE-2020-15203
Common Vulnerability Exposure (CVE) ID: CVE-2020-15204
Common Vulnerability Exposure (CVE) ID: CVE-2020-15205
Common Vulnerability Exposure (CVE) ID: CVE-2020-15206
Common Vulnerability Exposure (CVE) ID: CVE-2020-15207
Common Vulnerability Exposure (CVE) ID: CVE-2020-15208
Common Vulnerability Exposure (CVE) ID: CVE-2020-15209
Common Vulnerability Exposure (CVE) ID: CVE-2020-15210
Common Vulnerability Exposure (CVE) ID: CVE-2020-15211
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.