https://flyte.org logo
Join Slack
Powered by
<#761 Bump tensorflow from 2.8.0 to 2.8.1 in /cook...
# flyte-github
a
#761 Bump tensorflow from 2.8.0 to 2.8.1 in /cookbook/integrations/kubernetes/kfmpi Pull request opened by dependabot[bot] Bumps tensorflow from 2.8.0 to 2.8.1. Release notes Sourced from tensorflow's releases.
TensorFlow 2.8.1
Release 2.8.1
This releases introduces several vulnerability fixes:
• Fixes a code injection in 
saved_model_cli
(CVE-2022-29216)
• Fixes a missing validation which causes 
TensorSummaryV2
to crash (CVE-2022-29193)
• Fixes a missing validation which crashes 
QuantizeAndDequantizeV4Grad
(CVE-2022-29192)
• Fixes a missing validation which causes denial of service via 
DeleteSessionTensor
(CVE-2022-29194)
• Fixes a missing validation which causes denial of service via 
GetSessionTensor
(CVE-2022-29191)
• Fixes a missing validation which causes denial of service via 
StagePeek
(CVE-2022-29195)
• Fixes a missing validation which causes denial of service via 
UnsortedSegmentJoin
(CVE-2022-29197)
• Fixes a missing validation which causes denial of service via 
LoadAndRemapMatrix
(CVE-2022-29199)
• Fixes a missing validation which causes denial of service via 
SparseTensorToCSRSparseMatrix
(CVE-2022-29198)
• Fixes a missing validation which causes denial of service via 
LSTMBlockCell
(CVE-2022-29200)
• Fixes a missing validation which causes denial of service via 
Conv3DBackpropFilterV2
(CVE-2022-29196)
• Fixes a 
CHECK
failure in depthwise ops via overflows (CVE-2021-41197)
• Fixes issues arising from undefined behavior stemming from users supplying invalid resource handles (CVE-2022-29207)
• Fixes a segfault due to missing support for quantized types (CVE-2022-29205)
• Fixes a missing validation which results in undefined behavior in 
SparseTensorDenseAdd
(CVE-2022-29206)
• Fixes a missing validation which results in undefined behavior in 
QuantizedConv2D
(CVE-2022-29201)
• Fixes an integer overflow in 
SpaceToBatchND
(CVE-2022-29203)
• Fixes a segfault and OOB write due to incomplete validation in 
EditDistance
(CVE-2022-29208)
• Fixes a missing validation which causes denial of service via 
Conv3DBackpropFilterV2
(CVE-2022-29204)
• Fixes a denial of service in 
tf.ragged.constant
due to lack of validation (CVE-2022-29202)
• Fixes a segfault when 
tf.histogram_fixed_width
is called with NaN values (CVE-2022-29211)
• Fixes a core dump when loading TFLite models with quantization (CVE-2022-29212)
• Fixes crashes stemming from incomplete validation in signal ops (CVE-2022-29213)
• Fixes a type confusion leading to 
CHECK
-failure based denial of service (CVE-2022-29209)
• Fixes a heap buffer overflow due to incorrect hash function (CVE-2022-29210)
• Updates 
curl
to 
7.83.1
to handle (CVE-2022-22576, (CVE-2022-27774, (CVE-2022-27775, (CVE-2022-27776, (CVE-2022-27778, (CVE-2022-27779, (CVE-2022-27780, (CVE-2022-27781, (CVE-2022-27782 and (CVE-2022-30115
• Updates 
zlib
to 
1.2.12
after 
1.2.11
was pulled due to security issue
Changelog Sourced from tensorflow's changelog.
Release 2.8.1
This releases introduces several vulnerability fixes:
• Fixes a code injection in 
saved_model_cli
(CVE-2022-29216)
• Fixes a missing validation which causes 
TensorSummaryV2
to crash (CVE-2022-29193)
• Fixes a missing validation which crashes 
QuantizeAndDequantizeV4Grad
(CVE-2022-29192)
• Fixes a missing validation which causes denial of service via 
DeleteSessionTensor
(CVE-2022-29194)
• Fixes a missing validation which causes denial of service via 
GetSessionTensor
(CVE-2022-29191)
• Fixes a missing validation which causes denial of service via 
StagePeek
(CVE-2022-29195)
• Fixes a missing validation which causes denial of service via 
UnsortedSegmentJoin
(CVE-2022-29197)
• Fixes a missing validation which causes denial of service via 
LoadAndRemapMatrix
(CVE-2022-29199)
• Fixes a missing validation which causes denial of service via 
SparseTensorToCSRSparseMatrix
(CVE-2022-29198)
• Fixes a missing validation which causes denial of service via 
LSTMBlockCell
(CVE-2022-29200)
• Fixes a missing validation which causes denial of service via 
Conv3DBackpropFilterV2
(CVE-2022-29196)
• Fixes a 
CHECK
failure in depthwise ops via overflows (CVE-2021-41197)
• Fixes issues arising from undefined behavior stemming from users supplying invalid resource handles (CVE-2022-29207)
• Fixes a segfault due to missing support for quantized types (CVE-2022-29205)
• Fixes a missing validation which results in undefined behavior in 
SparseTensorDenseAdd
(<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV…
flyteorg/flytesnacks GitHub Actions: Mark github pre-release as Release GitHub Actions: Publish artifacts to github release GitHub Actions: Create Prerelease GitHub Actions: Bump Version 26 other checks have passed 26/30 successful checks
3 Views
Open in Slack
PreviousNext
Powered by