QID 981467
QID 981467: Python (pip) Security Update for tensorflow-gpu (GHSA-w5gh-2wr2-pm6g)
Security update has been released for tensorflow-gpu,tensorflow,tensorflow-cpu to fix the vulnerability.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Changing the TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using `tensorflow-serving` or other inference-as-a-service installments.
We have added fixes to this in f760f88b4267d981e13f4b302c437ae800445968 and fcfef195637c6e365577829c4d67681695956e7d (both going into TensorFlow 2.2.0 and 2.3.0 but not yet backported to earlier versions). However, this was not enough, as #41097 reports a different failure mode.
We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
- GHSA-w5gh-2wr2-pm6g -
github.com/advisories/GHSA-w5gh-2wr2-pm6g
CVEs related to QID 981467
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-w5gh-2wr2-pm6g | tensorflow |
|
|
| GHSA-w5gh-2wr2-pm6g | tensorflow-cpu |
|
|
| GHSA-w5gh-2wr2-pm6g | tensorflow-gpu |
|