Security update for tensorflow2 (moderate)

An update that fixes 16 vulnerabilities is now available.

Description:

This update for tensorflow2 fixes the following issues:

• updated to 2.1.2 with following fixes (boo#1177022):
  • Fixes an undefined behavior causing a segfault in tf.raw_ops.Switch
    (CVE-2020-15190)
  • Fixes three vulnerabilities in conversion to DLPack format
    (CVE-2020-15191, CVE-2020-15192, CVE-2020-15193)
  • Fixes two vulnerabilities in SparseFillEmptyRowsGrad (CVE-2020-15194,
    CVE-2020-15195)
  • Fixes an integer truncation vulnerability in code using the work
    sharder API (CVE-2020-15202)
  • Fixes a format string vulnerability in tf.strings.as_string
    (CVE-2020-15203)
  • Fixes segfault raised by calling session-only ops in eager mode
    (CVE-2020-15204)
  • Fixes data leak and potential ASLR violation from
    tf.raw_ops.StringNGrams (CVE-2020-15205)
  • Fixes segfaults caused by incomplete SavedModel validation
    (CVE-2020-15206)
  • Fixes a data corruption due to a bug in negative indexing support in
    TFLite (CVE-2020-15207)
  • Fixes a data corruption due to dimension mismatch in TFLite
    (CVE-2020-15208)
  • Fixes several vulnerabilities in TFLite saved model format
    (CVE-2020-15209, CVE-2020-15210, CVE-2020-15211)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

• openSUSE Leap 15.2:

  zypper in -t patch openSUSE-2020-1766=1