SUSE 5055 Published by

A tensorflow2 security update has been released for SUSE Linux Enterprise 15 SP3.



openSUSE-SU-2022:10014-1: moderate: Security update for tensorflow2


openSUSE Security Update: Security update for tensorflow2
______________________________________________________________________________

Announcement ID: openSUSE-SU-2022:10014-1
Rating: moderate
References: #1173128 #1173314 #1178287 #1178564 #1179455
#1181864 #1186860 #1189423
Cross-References: CVE-2020-26266 CVE-2020-26267 CVE-2020-26268
CVE-2020-26270 CVE-2020-26271 CVE-2021-37635
CVE-2021-37636 CVE-2021-37637 CVE-2021-37638
CVE-2021-37639 CVE-2021-37640 CVE-2021-37641
CVE-2021-37642 CVE-2021-37643 CVE-2021-37644
CVE-2021-37645 CVE-2021-37646 CVE-2021-37647
CVE-2021-37648 CVE-2021-37649 CVE-2021-37650
CVE-2021-37651 CVE-2021-37652 CVE-2021-37653
CVE-2021-37654 CVE-2021-37655 CVE-2021-37656
CVE-2021-37657 CVE-2021-37658 CVE-2021-37659
CVE-2021-37660 CVE-2021-37661 CVE-2021-37662
CVE-2021-37663 CVE-2021-37664 CVE-2021-37665
CVE-2021-37666 CVE-2021-37667 CVE-2021-37668
CVE-2021-37669 CVE-2021-37670 CVE-2021-37671
CVE-2021-37672 CVE-2021-37673 CVE-2021-37674
CVE-2021-37675 CVE-2021-37676 CVE-2021-37677
CVE-2021-37678 CVE-2021-37679 CVE-2021-37680
CVE-2021-37681 CVE-2021-37682 CVE-2021-37683
CVE-2021-37684 CVE-2021-37685 CVE-2021-37686
CVE-2021-37687 CVE-2021-37688 CVE-2021-37689
CVE-2021-37690 CVE-2021-37691 CVE-2021-37692

CVSS scores:
CVE-2020-26266 (NVD) : 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVE-2020-26268 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CVE-2020-26270 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2020-26271 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-37639 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________

An update that fixes 63 vulnerabilities is now available.

Description:

This update for tensorflow fixes the following issues:

Update to TF2 2.6.0 which fixes multiple CVEs (boo#1189423).

- Introduction of bazel6.3 and basel-skylib1.0.3 as build dependencies.
The latter has been adapted to all a version in its package name (if
%set_ver_suffix is set to 1). This allows multiple versions to exist for
one product (not installed). NOTE: basel-skylib1.0.3 does not exist in
oS:Factory: basel-skylib in oS:Factory - the base version - is 1.0.3.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP3:

zypper in -t patch openSUSE-2022-10014=1


Package List:

- openSUSE Backports SLE-15-SP3 (aarch64 s390x x86_64):

tensorflow2-lite-2.6.0-bp153.2.3.1
tensorflow2-lite-debuginfo-2.6.0-bp153.2.3.1
tensorflow2-lite-debugsource-2.6.0-bp153.2.3.1
tensorflow2-lite-devel-2.6.0-bp153.2.3.1

- openSUSE Backports SLE-15-SP3 (aarch64 x86_64):

bazel3.7-3.7.2-bp153.2.1
libtensorflow2-2.6.0-bp153.2.3.1
libtensorflow2-debuginfo-2.6.0-bp153.2.3.1
libtensorflow2-gnu-hpc-2.6.0-bp153.2.3.1
libtensorflow2-gnu-hpc-debuginfo-2.6.0-bp153.2.3.1
libtensorflow2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1
libtensorflow2-gnu-openmpi2-hpc-debuginfo-2.6.0-bp153.2.3.1
libtensorflow_cc2-2.6.0-bp153.2.3.1
libtensorflow_cc2-debuginfo-2.6.0-bp153.2.3.1
libtensorflow_cc2-gnu-hpc-2.6.0-bp153.2.3.1
libtensorflow_cc2-gnu-hpc-debuginfo-2.6.0-bp153.2.3.1
libtensorflow_cc2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1
libtensorflow_cc2-gnu-openmpi2-hpc-debuginfo-2.6.0-bp153.2.3.1
libtensorflow_framework2-2.6.0-bp153.2.3.1
libtensorflow_framework2-debuginfo-2.6.0-bp153.2.3.1
libtensorflow_framework2-gnu-hpc-2.6.0-bp153.2.3.1
libtensorflow_framework2-gnu-hpc-debuginfo-2.6.0-bp153.2.3.1
libtensorflow_framework2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1
libtensorflow_framework2-gnu-openmpi2-hpc-debuginfo-2.6.0-bp153.2.3.1
tensorflow2-2.6.0-bp153.2.3.1
tensorflow2-debuginfo-2.6.0-bp153.2.3.1
tensorflow2-debugsource-2.6.0-bp153.2.3.1
tensorflow2-devel-2.6.0-bp153.2.3.1
tensorflow2-doc-2.6.0-bp153.2.3.1
tensorflow2-gnu-hpc-2.6.0-bp153.2.3.1
tensorflow2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-hpc-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-hpc-debuginfo-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-hpc-debugsource-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-hpc-devel-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-hpc-doc-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-openmpi2-hpc-debuginfo-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-openmpi2-hpc-debugsource-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-openmpi2-hpc-devel-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-openmpi2-hpc-doc-2.6.0-bp153.2.3.1

- openSUSE Backports SLE-15-SP3 (ppc64le):

bazel3.7-3.7.2-bp153.4.1

- openSUSE Backports SLE-15-SP3 (x86_64):

libiomp5-2.6.0-bp153.2.3.1
libiomp5-debuginfo-2.6.0-bp153.2.3.1
libiomp5-gnu-hpc-2.6.0-bp153.2.3.1
libiomp5-gnu-hpc-debuginfo-2.6.0-bp153.2.3.1
libiomp5-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1
libiomp5-gnu-openmpi2-hpc-debuginfo-2.6.0-bp153.2.3.1

- openSUSE Backports SLE-15-SP3 (noarch):

bazel-skylib1.0.3-source-1.0.3-bp153.2.1

References:

  https://www.suse.com/security/cve/CVE-2020-26266.html
  https://www.suse.com/security/cve/CVE-2020-26267.html
  https://www.suse.com/security/cve/CVE-2020-26268.html
  https://www.suse.com/security/cve/CVE-2020-26270.html
  https://www.suse.com/security/cve/CVE-2020-26271.html
  https://www.suse.com/security/cve/CVE-2021-37635.html
  https://www.suse.com/security/cve/CVE-2021-37636.html
  https://www.suse.com/security/cve/CVE-2021-37637.html
  https://www.suse.com/security/cve/CVE-2021-37638.html
  https://www.suse.com/security/cve/CVE-2021-37639.html
  https://www.suse.com/security/cve/CVE-2021-37640.html
  https://www.suse.com/security/cve/CVE-2021-37641.html
  https://www.suse.com/security/cve/CVE-2021-37642.html
  https://www.suse.com/security/cve/CVE-2021-37643.html
  https://www.suse.com/security/cve/CVE-2021-37644.html
  https://www.suse.com/security/cve/CVE-2021-37645.html
  https://www.suse.com/security/cve/CVE-2021-37646.html
  https://www.suse.com/security/cve/CVE-2021-37647.html
  https://www.suse.com/security/cve/CVE-2021-37648.html
  https://www.suse.com/security/cve/CVE-2021-37649.html
  https://www.suse.com/security/cve/CVE-2021-37650.html
  https://www.suse.com/security/cve/CVE-2021-37651.html
  https://www.suse.com/security/cve/CVE-2021-37652.html
  https://www.suse.com/security/cve/CVE-2021-37653.html
  https://www.suse.com/security/cve/CVE-2021-37654.html
  https://www.suse.com/security/cve/CVE-2021-37655.html
  https://www.suse.com/security/cve/CVE-2021-37656.html
  https://www.suse.com/security/cve/CVE-2021-37657.html
  https://www.suse.com/security/cve/CVE-2021-37658.html
  https://www.suse.com/security/cve/CVE-2021-37659.html
  https://www.suse.com/security/cve/CVE-2021-37660.html
  https://www.suse.com/security/cve/CVE-2021-37661.html
  https://www.suse.com/security/cve/CVE-2021-37662.html
  https://www.suse.com/security/cve/CVE-2021-37663.html
  https://www.suse.com/security/cve/CVE-2021-37664.html
  https://www.suse.com/security/cve/CVE-2021-37665.html
  https://www.suse.com/security/cve/CVE-2021-37666.html
  https://www.suse.com/security/cve/CVE-2021-37667.html
  https://www.suse.com/security/cve/CVE-2021-37668.html
  https://www.suse.com/security/cve/CVE-2021-37669.html
  https://www.suse.com/security/cve/CVE-2021-37670.html
  https://www.suse.com/security/cve/CVE-2021-37671.html
  https://www.suse.com/security/cve/CVE-2021-37672.html
  https://www.suse.com/security/cve/CVE-2021-37673.html
  https://www.suse.com/security/cve/CVE-2021-37674.html
  https://www.suse.com/security/cve/CVE-2021-37675.html
  https://www.suse.com/security/cve/CVE-2021-37676.html
  https://www.suse.com/security/cve/CVE-2021-37677.html
  https://www.suse.com/security/cve/CVE-2021-37678.html
  https://www.suse.com/security/cve/CVE-2021-37679.html
  https://www.suse.com/security/cve/CVE-2021-37680.html
  https://www.suse.com/security/cve/CVE-2021-37681.html
  https://www.suse.com/security/cve/CVE-2021-37682.html
  https://www.suse.com/security/cve/CVE-2021-37683.html
  https://www.suse.com/security/cve/CVE-2021-37684.html
  https://www.suse.com/security/cve/CVE-2021-37685.html
  https://www.suse.com/security/cve/CVE-2021-37686.html
  https://www.suse.com/security/cve/CVE-2021-37687.html
  https://www.suse.com/security/cve/CVE-2021-37688.html
  https://www.suse.com/security/cve/CVE-2021-37689.html
  https://www.suse.com/security/cve/CVE-2021-37690.html
  https://www.suse.com/security/cve/CVE-2021-37691.html
  https://www.suse.com/security/cve/CVE-2021-37692.html
  https://bugzilla.suse.com/1173128
  https://bugzilla.suse.com/1173314
  https://bugzilla.suse.com/1178287
  https://bugzilla.suse.com/1178564
  https://bugzilla.suse.com/1179455
  https://bugzilla.suse.com/1181864
  https://bugzilla.suse.com/1186860
  https://bugzilla.suse.com/1189423