Release 2.2.3
Note that this is the last patch release for the TensorFlow 2.2.x series.
This release introduces several vulnerability fixes:
- Fixes a heap buffer overflow in
RaggedBinCount
(CVE-2021-29512) - Fixes a heap out of bounds write in
RaggedBinCount
(CVE-2021-29514) - Fixes a type confusion during tensor casts which leads to dereferencing null pointers (CVE-2021-29513)
- Fixes a reference binding to null pointer in
MatrixDiag*
ops (CVE-2021-29515) - Fixes a null pointer dereference via invalid Ragged Tensors (CVE-2021-29516)
- Fixes a division by zero in
Conv3D
(CVE-2021-29517) - Fixes vulnerabilities where session operations in eager mode lead to null pointer dereferences (CVE-2021-29518)
- Fixes a
CHECK
-fail inSparseCross
caused by type confusion (CVE-2021-29519) - Fixes a segfault in
SparseCountSparseOutput
(CVE-2021-29521) - Fixes a heap buffer overflow in
Conv3DBackprop*
(CVE-2021-29520) - Fixes a division by 0 in
Conv3DBackprop*
(CVE-2021-29522) - Fixes a
CHECK
-fail inAddManySparseToTensorsMap
(CVE-2021-29523) - Fixes a division by 0 in
Conv2DBackpropFilter
(CVE-2021-29524) - Fixes a division by 0 in
Conv2DBackpropInput
(CVE-2021-29525) - Fixes a division by 0 in
Conv2D
(CVE-2021-29526) - Fixes a division by 0 in
QuantizedConv2D
(CVE-2021-29527) - Fixes a division by 0 in
QuantizedMul
(CVE-2021-29528) - Fixes vulnerabilities caused by invalid validation in
SparseMatrixSparseCholesky
(CVE-2021-29530) - Fixes a heap buffer overflow caused by rounding (CVE-2021-29529)
- Fixes a
CHECK
-fail intf.raw_ops.EncodePng
(CVE-2021-29531) - Fixes a heap out of bounds read in
RaggedCross
(CVE-2021-29532) - Fixes a
CHECK
-fail inDrawBoundingBoxes
(CVE-2021-29533) - Fixes a heap buffer overflow in
QuantizedMul
(CVE-2021-29535) - Fixes a
CHECK
-fail inSparseConcat
(CVE-2021-29534) - Fixes a heap buffer overflow in
QuantizedResizeBilinear
(CVE-2021-29537) - Fixes a heap buffer overflow in
QuantizedReshape
(CVE-2021-29536) - Fixes a division by zero in
Conv2DBackpropFilter
(CVE-2021-29538) - Fixes a heap buffer overflow in
Conv2DBackpropFilter
(CVE-2021-29540) - Fixes a heap buffer overflow in
StringNGrams
(CVE-2021-29542) - Fixes a null pointer dereference in
StringNGrams
(CVE-2021-29541) - Fixes a
CHECK
-fail inQuantizeAndDequantizeV4Grad
(CVE-2021-29544) - Fixes a
CHECK
-fail inCTCGreedyDecoder
(CVE-2021-29543) - Fixes a heap buffer overflow in
SparseTensorToCSRSparseMatrix
(CVE-2021-29545) - Fixes a division by 0 in
QuantizedBiasAdd
(CVE-2021-29546) - Fixes a heap out of bounds in
QuantizedBatchNormWithGlobalNormalization
(CVE-2021-29547) - Fixes a division by 0 in
QuantizedBatchNormWithGlobalNormalization
(CVE-2021-29548) - Fixes a division by 0 in
QuantizedAdd
(CVE-2021-29549) - Fixes a division by 0 in
FractionalAvgPool
(CVE-2021-29550) - Fixes an OOB read in
MatrixTriangularSolve
(CVE-2021-29551) - Fixes a heap OOB in
QuantizeAndDequantizeV3
(CVE-2021-29553) - Fixes a
CHECK
-failure inUnsortedSegmentJoin
(CVE-2021-29552) - Fixes a division by 0 in
DenseCountSparseOutput
(CVE-2021-29554) - Fixes a division by 0 in
FusedBatchNorm
(CVE-2021-29555) - Fixes a division by 0 in
SparseMatMul
(CVE-2021-29557) - Fixes a division by 0 in
Reverse
(CVE-2021-29556) - Fixes a heap buffer overflow in
SparseSplit
(CVE-2021-29558) - Fixes a heap OOB access in unicode ops (CVE-2021-29559)
- Fixes a heap buffer overflow in
RaggedTensorToTensor
(CVE-2021-29560) - Fixes a
CHECK
-fail inLoadAndRemapMatrix
(CVE-2021-29561) - Fixes a
CHECK
-fail intf.raw_ops.IRFFT
(CVE-2021-29562) - Fixes a
CHECK
-fail intf.raw_ops.RFFT
(CVE-2021-29563) - Fixes a null pointer dereference in
EditDistance
(CVE-2021-29564) - Fixes a null pointer dereference in
SparseFillEmptyRows
(CVE-2021-29565) - Fixes a heap OOB access in
Dilation2DBackpropInput
(CVE-2021-29566) - Fixes a reference binding to null in
ParameterizedTruncatedNormal
(CVE-2021-29568) - Fixes a set of vulnerabilities caused by lack of validation in
SparseDenseCwiseMul
(CVE-2021-29567) - Fixes a heap out of bounds read in
MaxPoolGradWithArgmax
(CVE-2021-29570) - Fixes a heap out of bounds read in
RequantizationRange
(CVE-2021-29569) - Fixes a memory corruption in
DrawBoundingBoxesV2
(CVE-2021-29571) - Fixes a reference binding to nullptr in
SdcaOptimizer
(CVE-2021-29572) - Fixes an overflow and a denial of service in
tf.raw_ops.ReverseSequence
(CVE-2021-29575) - Fixes a division by 0 in
MaxPoolGradWithArgmax
(CVE-2021-29573) - Fixes an undefined behavior in
MaxPool3DGradGrad
(CVE-2021-29574) - Fixes a heap buffer overflow in
MaxPool3DGradGrad
(CVE-2021-29576) - Fixes a heap buffer overflow in
AvgPool3DGrad
(CVE-2021-29577) - Fixes an undefined behavior and a
CHECK
-fail inFractionalMaxPoolGrad
(CVE-2021-29580) - Fixes a heap buffer overflow in
FractionalAvgPoolGrad
(CVE-2021-29578) - Fixes a heap buffer overflow in
MaxPoolGrad
(CVE-2021-29579) - Fixes a segfault in
CTCBeamSearchDecoder
(CVE-2021-29581) - Fixes a heap OOB read in
tf.raw_ops.Dequantize
(CVE-2021-29582) - Fixes a
CHECK
-fail due to integer overflow (CVE-2021-29584) - Fixes a heap buffer overflow and undefined behavior in
FusedBatchNorm
(CVE-2021-29583) - Fixes a division by zero in padding computation in TFLite (CVE-2021-29585)
- Fixes a division by zero in optimized pooling implementations in TFLite (CVE-2021-29586)
- Fixes a division by zero in TFLite's implementation of
SpaceToDepth
(CVE-2021-29587) - Fixes a division by zero in TFLite's implementation of
GatherNd
(CVE-2021-29589) - Fixes a division by zero in TFLite's implementation of
TransposeConv
(CVE-2021-29588) - Fixes a heap OOB read in TFLite's implementation of
Minimum
orMaximum
(CVE-2021-29590) - Fixes a null pointer dereference in TFLite's
Reshape
operator (CVE-2021-29592) - Fixes a stack overflow due to looping TFLite subgraph (CVE-2021-29591)
- Fixes a division by zero in TFLite's implementation of
DepthToSpace
(CVE-2021-29595) - Fixes a division by zero in TFLite's convolution code (CVE-2021-29594)
- Fixes a division by zero in TFLite's implementation of
EmbeddingLookup
(CVE-2021-29596) - Fixes a division by zero in TFLite's implementation of
BatchToSpaceNd
(CVE-2021-29593) - Fixes a division by zero in TFLite's implementation of
SpaceToBatchNd
(CVE-2021-29597) - Fixes a division by zero in TFLite's implementation of
SVDF
(CVE-2021-29598) - Fixes a division by zero in TFLite's implementation of
Split
(CVE-2021-29599) - Fixes a division by zero in TFLite's implementation of
OneHot
(CVE-2021-29600) - Fixes a division by zero in TFLite's implementation of
DepthwiseConv
(CVE-2021-29602) - Fixes a division by zero in TFLite's implementation of hashtable lookup (CVE-2021-29604)
- Fixes a integer overflow in TFLite concatentation (CVE-2021-29601)
- Fixes a integer overflow in TFLite memory allocation (CVE-2021-29605)
- Fixes a heap OOB write in TFLite (CVE-2021-29603)
- Fixes a heap OOB read in TFLite (CVE-2021-29606)
- Fixes a heap OOB and null pointer dereference in
RaggedTensorToTensor
(CVE-2021-29608) - Fixes vulnerabilities caused by incomplete validation in
SparseAdd
(CVE-2021-29609) - Fixes vulnerabilities caused by incomplete validation in
SparseSparseMinimum
(CVE-2021-29607) - Fixes vulnerabilities caused by incomplete validation in
SparseReshape
(CVE-2021-29611) - Fixes vulnerabilities caused by invalid validation in
QuantizeAndDequantizeV2
(CVE-2021-29610) - Fixes a heap buffer overflow in
BandedTriangularSolve
(CVE-2021-29612) - Fixes vulnerabilities caused by incomplete validation in
tf.raw_ops.CTCLoss
(CVE-2021-29613) - Fixes an interpreter crash from vulnerabilities in
tf.io.decode_raw
(CVE-2021-29614) - Fixes a stack overflow in
ParseAttrValue
with nested tensors (CVE-2021-29615) - Fixes a null dereference in Grappler's
TrySimplify
(CVE-2021-29616) - Fixes a crash in
tf.transpose
with complex inputs (CVE-2021-29618) - Fixes a crash in
tf.strings.substr
due toCHECK
-fail (CVE-2021-29617) - Fixes a segfault in
tf.raw_ops.SparseCountSparseOutput
(CVE-2021-29619) - Fixes a segfault in
tf.raw_ops.ImmutableConst
(CVE-2021-29539) - Updates
curl
to7.76.0
to handle CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285 and CVE-2020-8286.