Release 2.8.1
This releases introduces several vulnerability fixes:
- Fixes a code injection in
saved_model_cli(CVE-2022-29216) - Fixes a missing validation which causes
TensorSummaryV2to crash (CVE-2022-29193) - Fixes a missing validation which crashes
QuantizeAndDequantizeV4Grad(CVE-2022-29192) - Fixes a missing validation which causes denial of service via
DeleteSessionTensor(CVE-2022-29194) - Fixes a missing validation which causes denial of service via
GetSessionTensor(CVE-2022-29191) - Fixes a missing validation which causes denial of service via
StagePeek(CVE-2022-29195) - Fixes a missing validation which causes denial of service via
UnsortedSegmentJoin(CVE-2022-29197) - Fixes a missing validation which causes denial of service via
LoadAndRemapMatrix(CVE-2022-29199) - Fixes a missing validation which causes denial of service via
SparseTensorToCSRSparseMatrix(CVE-2022-29198) - Fixes a missing validation which causes denial of service via
LSTMBlockCell(CVE-2022-29200) - Fixes a missing validation which causes denial of service via
Conv3DBackpropFilterV2(CVE-2022-29196) - Fixes a
CHECKfailure in depthwise ops via overflows (CVE-2021-41197) - Fixes issues arising from undefined behavior stemming from users supplying invalid resource handles (CVE-2022-29207)
- Fixes a segfault due to missing support for quantized types (CVE-2022-29205)
- Fixes a missing validation which results in undefined behavior in
SparseTensorDenseAdd(CVE-2022-29206) - Fixes a missing validation which results in undefined behavior in
QuantizedConv2D(CVE-2022-29201) - Fixes an integer overflow in
SpaceToBatchND(CVE-2022-29203) - Fixes a segfault and OOB write due to incomplete validation in
EditDistance(CVE-2022-29208) - Fixes a missing validation which causes denial of service via
Conv3DBackpropFilterV2(CVE-2022-29204) - Fixes a denial of service in
tf.ragged.constantdue to lack of validation (CVE-2022-29202) - Fixes a segfault when
tf.histogram_fixed_widthis called with NaN values (CVE-2022-29211) - Fixes a core dump when loading TFLite models with quantization (CVE-2022-29212)
- Fixes crashes stemming from incomplete validation in signal ops (CVE-2022-29213)
- Fixes a type confusion leading to
CHECK-failure based denial of service (CVE-2022-29209) - Fixes a heap buffer overflow due to incorrect hash function (CVE-2022-29210)
- Updates
curlto7.83.1to handle (CVE-2022-22576, (CVE-2022-27774, (CVE-2022-27775, (CVE-2022-27776, (CVE-2022-27778, (CVE-2022-27779, (CVE-2022-27780, (CVE-2022-27781, (CVE-2022-27782 and (CVE-2022-30115 - Updates
zlibto1.2.12after1.2.11was pulled due to security issue