Deep Learning

TensorFlow 2.5.1 Released

August 10, 2021
10 min read
blog-TensorFlow-2.5.1.jpg

TensorFlow 2.5.1 Now Available

TensorFlow is an end-to-end open source platform for machine learning. It has a comprehensive, flexible ecosystem of tools, libraries, and community resources that lets researchers push the state-of-the-art in ML and developers easily build and deploy ML-powered applications.

The newest version of TensorFlow brings a number of major features, improvements, bug fixes and other changes.


Interested in a deep learning solution?
Learn more about Exxact AI workstations starting at $3,700


Major Features and Improvements

This release introduces several vulnerability fixes:

  • Fixes a heap out of bounds access in sparse reduction operations (CVE-2021-37635)
  • Fixes a floating point exception in SparseDenseCwiseDiv (CVE-2021-37636)
  • Fixes a null pointer dereference in CompressElement (CVE-2021-37637)
  • Fixes a null pointer dereference in RaggedTensorToTensor (CVE-2021-37638)
  • Fixes a null pointer dereference and a heap OOB read arising from operations restoring tensors (CVE-2021-37639)
  • Fixes an integer division by 0 in sparse reshaping (CVE-2021-37640)
  • Fixes a division by 0 in ResourceScatterDiv (CVE-2021-37642)
  • Fixes a heap OOB in RaggedGather (CVE-2021-37641)
  • Fixes a std::abort raised from TensorListReserve (CVE-2021-37644)
  • Fixes a null pointer dereference in MatrixDiagPartOp (CVE-2021-37643)
  • Fixes an integer overflow due to conversion to unsigned (CVE-2021-37645)
  • Fixes a bad allocation error in StringNGrams caused by integer conversion (CVE-2021-37646)
  • Fixes a null pointer dereference in SparseTensorSliceDataset (CVE-2021-37647)
  • Fixes an incorrect validation of SaveV2 inputs (CVE-2021-37648)
  • Fixes a null pointer dereference in UncompressElement (CVE-2021-37649)
  • Fixes a segfault and a heap buffer overflow in {Experimental,}DatasetToTFRecord (CVE-2021-37650)
  • Fixes a heap buffer overflow in FractionalAvgPoolGrad (CVE-2021-37651)
  • Fixes a use after free in boosted trees creation (CVE-2021-37652)
  • Fixes a division by 0 in ResourceGather (CVE-2021-37653)
  • Fixes a heap OOB and a CHECK fail in ResourceGather (CVE-2021-37654)
  • Fixes a heap OOB in ResourceScatterUpdate (CVE-2021-37655)
  • Fixes an undefined behavior arising from reference binding to nullptr in RaggedTensorToSparse (CVE-2021-37656)
  • Fixes an undefined behavior arising from reference binding to nullptr in MatrixDiagV* ops (CVE-2021-37657)
  • Fixes an undefined behavior arising from reference binding to nullptr in MatrixSetDiagV* ops (CVE-2021-37658)
  • Fixes an undefined behavior arising from reference binding to nullptr and heap OOB in binary cwise ops (CVE-2021-37659)
  • Fixes a division by 0 in inplace operations (CVE-2021-37660)
  • Fixes a crash caused by integer conversion to unsigned (CVE-2021-37661)
  • Fixes an undefined behavior arising from reference binding to nullptr in boosted trees (CVE-2021-37662)
  • Fixes a heap OOB in boosted trees (CVE-2021-37664)
  • Fixes vulnerabilities arising from incomplete validation in QuantizeV2 (CVE-2021-37663)
  • Fixes vulnerabilities arising from incomplete validation in MKL requantization (CVE-2021-37665)
  • Fixes an undefined behavior arising from reference binding to nullptr in RaggedTensorToVariant (CVE-2021-37666)
  • Fixes an undefined behavior arising from reference binding to nullptr in unicode encoding (CVE-2021-37667)
  • Fixes an FPE in tf.raw_ops.UnravelIndex (CVE-2021-37668)
  • Fixes a crash in NMS ops caused by integer conversion to unsigned (CVE-2021-37669)
  • Fixes a heap OOB in UpperBound and LowerBound (CVE-2021-37670)
  • Fixes an undefined behavior arising from reference binding to nullptr in map operations (CVE-2021-37671)
  • Fixes a heap OOB in SdcaOptimizerV2 (CVE-2021-37672)
  • Fixes a CHECK-fail in MapStage (CVE-2021-37673)
  • Fixes a vulnerability arising from incomplete validation in MaxPoolGrad (CVE-2021-37674)
  • Fixes an undefined behavior arising from reference binding to nullptr in shape inference (CVE-2021-37676)
  • Fixes a division by 0 in most convolution operators (CVE-2021-37675)
  • Fixes vulnerabilities arising from missing validation in shape inference for Dequantize (CVE-2021-37677)
  • Fixes an arbitrary code execution due to YAML deserialization (CVE-2021-37678)
  • Fixes a heap OOB in nested tf.map_fn with RaggedTensors (CVE-2021-37679)
  • Fixes a division by zero in TFLite (CVE-2021-37680)
  • Fixes an NPE in TFLite (CVE-2021-37681)
  • Fixes a vulnerability arising from use of unitialized value in TFLite (CVE-2021-37682)
  • Fixes an FPE in TFLite division operations (CVE-2021-37683)
  • Fixes an FPE in TFLite pooling operations (CVE-2021-37684)
  • Fixes an infinite loop in TFLite (CVE-2021-37686)
  • Fixes a heap OOB in TFLite (CVE-2021-37685)
  • Fixes a heap OOB in TFLite's Gather* implementations (CVE-2021-37687)
  • Fixes an undefined behavior arising from null pointer dereference in TFLite (CVE-2021-37688)
  • Fixes an undefined behavior arising from null pointer dereference in TFLite MLIR optimizations (CVE-2021-37689)
  • Fixes a FPE in LSH in TFLite (CVE-2021-37691)
  • Fixes a segfault on strings tensors with mismatched dimensions, arising in Go code (CVE-2021-37692)
  • Fixes a use after free and a potential segfault in shape inference functions (CVE-2021-37690)
  • Updates curl to 7.77.0 to handle CVE-2021-22876, CVE-2021-22897, CVE-2021-22898, and CVE-2021-22901.

Click here to install TensorFlow 2


Download TensorFlow 2.5.1 on the GitHub page:
https://github.com/tensorflow/tensorflow/releases/tag/v2.5.1


Topics

blog-TensorFlow-2.5.1.jpg
Deep Learning

TensorFlow 2.5.1 Released

August 10, 202110 min read

TensorFlow 2.5.1 Now Available

TensorFlow is an end-to-end open source platform for machine learning. It has a comprehensive, flexible ecosystem of tools, libraries, and community resources that lets researchers push the state-of-the-art in ML and developers easily build and deploy ML-powered applications.

The newest version of TensorFlow brings a number of major features, improvements, bug fixes and other changes.


Interested in a deep learning solution?
Learn more about Exxact AI workstations starting at $3,700


Major Features and Improvements

This release introduces several vulnerability fixes:

  • Fixes a heap out of bounds access in sparse reduction operations (CVE-2021-37635)
  • Fixes a floating point exception in SparseDenseCwiseDiv (CVE-2021-37636)
  • Fixes a null pointer dereference in CompressElement (CVE-2021-37637)
  • Fixes a null pointer dereference in RaggedTensorToTensor (CVE-2021-37638)
  • Fixes a null pointer dereference and a heap OOB read arising from operations restoring tensors (CVE-2021-37639)
  • Fixes an integer division by 0 in sparse reshaping (CVE-2021-37640)
  • Fixes a division by 0 in ResourceScatterDiv (CVE-2021-37642)
  • Fixes a heap OOB in RaggedGather (CVE-2021-37641)
  • Fixes a std::abort raised from TensorListReserve (CVE-2021-37644)
  • Fixes a null pointer dereference in MatrixDiagPartOp (CVE-2021-37643)
  • Fixes an integer overflow due to conversion to unsigned (CVE-2021-37645)
  • Fixes a bad allocation error in StringNGrams caused by integer conversion (CVE-2021-37646)
  • Fixes a null pointer dereference in SparseTensorSliceDataset (CVE-2021-37647)
  • Fixes an incorrect validation of SaveV2 inputs (CVE-2021-37648)
  • Fixes a null pointer dereference in UncompressElement (CVE-2021-37649)
  • Fixes a segfault and a heap buffer overflow in {Experimental,}DatasetToTFRecord (CVE-2021-37650)
  • Fixes a heap buffer overflow in FractionalAvgPoolGrad (CVE-2021-37651)
  • Fixes a use after free in boosted trees creation (CVE-2021-37652)
  • Fixes a division by 0 in ResourceGather (CVE-2021-37653)
  • Fixes a heap OOB and a CHECK fail in ResourceGather (CVE-2021-37654)
  • Fixes a heap OOB in ResourceScatterUpdate (CVE-2021-37655)
  • Fixes an undefined behavior arising from reference binding to nullptr in RaggedTensorToSparse (CVE-2021-37656)
  • Fixes an undefined behavior arising from reference binding to nullptr in MatrixDiagV* ops (CVE-2021-37657)
  • Fixes an undefined behavior arising from reference binding to nullptr in MatrixSetDiagV* ops (CVE-2021-37658)
  • Fixes an undefined behavior arising from reference binding to nullptr and heap OOB in binary cwise ops (CVE-2021-37659)
  • Fixes a division by 0 in inplace operations (CVE-2021-37660)
  • Fixes a crash caused by integer conversion to unsigned (CVE-2021-37661)
  • Fixes an undefined behavior arising from reference binding to nullptr in boosted trees (CVE-2021-37662)
  • Fixes a heap OOB in boosted trees (CVE-2021-37664)
  • Fixes vulnerabilities arising from incomplete validation in QuantizeV2 (CVE-2021-37663)
  • Fixes vulnerabilities arising from incomplete validation in MKL requantization (CVE-2021-37665)
  • Fixes an undefined behavior arising from reference binding to nullptr in RaggedTensorToVariant (CVE-2021-37666)
  • Fixes an undefined behavior arising from reference binding to nullptr in unicode encoding (CVE-2021-37667)
  • Fixes an FPE in tf.raw_ops.UnravelIndex (CVE-2021-37668)
  • Fixes a crash in NMS ops caused by integer conversion to unsigned (CVE-2021-37669)
  • Fixes a heap OOB in UpperBound and LowerBound (CVE-2021-37670)
  • Fixes an undefined behavior arising from reference binding to nullptr in map operations (CVE-2021-37671)
  • Fixes a heap OOB in SdcaOptimizerV2 (CVE-2021-37672)
  • Fixes a CHECK-fail in MapStage (CVE-2021-37673)
  • Fixes a vulnerability arising from incomplete validation in MaxPoolGrad (CVE-2021-37674)
  • Fixes an undefined behavior arising from reference binding to nullptr in shape inference (CVE-2021-37676)
  • Fixes a division by 0 in most convolution operators (CVE-2021-37675)
  • Fixes vulnerabilities arising from missing validation in shape inference for Dequantize (CVE-2021-37677)
  • Fixes an arbitrary code execution due to YAML deserialization (CVE-2021-37678)
  • Fixes a heap OOB in nested tf.map_fn with RaggedTensors (CVE-2021-37679)
  • Fixes a division by zero in TFLite (CVE-2021-37680)
  • Fixes an NPE in TFLite (CVE-2021-37681)
  • Fixes a vulnerability arising from use of unitialized value in TFLite (CVE-2021-37682)
  • Fixes an FPE in TFLite division operations (CVE-2021-37683)
  • Fixes an FPE in TFLite pooling operations (CVE-2021-37684)
  • Fixes an infinite loop in TFLite (CVE-2021-37686)
  • Fixes a heap OOB in TFLite (CVE-2021-37685)
  • Fixes a heap OOB in TFLite's Gather* implementations (CVE-2021-37687)
  • Fixes an undefined behavior arising from null pointer dereference in TFLite (CVE-2021-37688)
  • Fixes an undefined behavior arising from null pointer dereference in TFLite MLIR optimizations (CVE-2021-37689)
  • Fixes a FPE in LSH in TFLite (CVE-2021-37691)
  • Fixes a segfault on strings tensors with mismatched dimensions, arising in Go code (CVE-2021-37692)
  • Fixes a use after free and a potential segfault in shape inference functions (CVE-2021-37690)
  • Updates curl to 7.77.0 to handle CVE-2021-22876, CVE-2021-22897, CVE-2021-22898, and CVE-2021-22901.

Click here to install TensorFlow 2


Download TensorFlow 2.5.1 on the GitHub page:
https://github.com/tensorflow/tensorflow/releases/tag/v2.5.1


Topics