From 99e5e8a062b841a4333d21fdab3b1e27bda407d2 Mon Sep 17 00:00:00 2001
From: Azure Linux Security Servicing Account
Date: Fri, 27 Feb 2026 09:49:34 +0530
Subject: [PATCH] [AutoPR- Security] Patch tensorflow for CVE-2026-2492 [HIGH] (#15962)

Co-authored-by: Akhila Guruju
Co-authored-by: jslobodzian
(cherry picked from commit c5bffa3fc625671be604c7d2face342c5b72fdba)
---
 SPECS/tensorflow/CVE-2026-2492.patch | 94 ++++++++++++++++++++++++++++
 SPECS/tensorflow/tensorflow.spec | 8 ++-
 2 files changed, 101 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/tensorflow/CVE-2026-2492.patch

diff --git a/SPECS/tensorflow/CVE-2026-2492.patch b/SPECS/tensorflow/CVE-2026-2492.patch
new file mode 100644
index 00000000000..8398d5fdf84
--- /dev/null
+++ b/SPECS/tensorflow/CVE-2026-2492.patch
@@ -0,0 +1,94 @@
+From aea471bdcb78188fbee20a081e5cebcbbd9d34a9 Mon Sep 17 00:00:00 2001
+From: "A. Unique TensorFlower"
+Date: Mon, 15 Dec 2025 13:20:46 -0800
+Subject: [PATCH] Disable HDF5 plugin loading when importing h5py in
+ Tensorflow.
+
+Set the HDF5_PLUGIN_PATH environment variable to "disable" before importing h5py to prevent the loading of external HDF5 plugins.
+
+PiperOrigin-RevId: 844896565
+Signed-off-by: Azure Linux Security Servicing Account
+Upstream-reference: https://github.com/tensorflow/tensorflow/commit/46e7f7fb144fd11cf6d17c23dd47620328d77082.patch
+---
+ tensorflow/python/keras/engine/training.py | 3 +++
+ tensorflow/python/keras/keras_parameterized.py | 4 ++++
+ tensorflow/python/keras/saving/hdf5_format.py | 3 +++
+ tensorflow/python/keras/saving/save.py | 5 ++++-
+ 4 files changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/tensorflow/python/keras/engine/training.py b/tensorflow/python/keras/engine/training.py
+index 1e94ca45..182db7b0 100644
+--- a/tensorflow/python/keras/engine/training.py
++++ b/tensorflow/python/keras/engine/training.py
+@@ -83,6 +83,9 @@ from tensorflow.tools.docs import doc_controls
+ 
+ # pylint: disable=g-import-not-at-top
+ try:
++ # Disable loading HDF5 plugins from a default path and prevent ZDI-CAN-25480.
++ # Importing h5py prior to importing tensorflow will restore the old behavior.
++ os.environ['HDF5_PLUGIN_PATH'] = 'disable'
+ import h5py
+ except ImportError:
+ h5py = None
+diff --git a/tensorflow/python/keras/keras_parameterized.py b/tensorflow/python/keras/keras_parameterized.py
+index 054df939..1a44e6b7 100644
+--- a/tensorflow/python/keras/keras_parameterized.py
++++ b/tensorflow/python/keras/keras_parameterized.py
+@@ -17,6 +17,7 @@
+ import collections
+ import functools
+ import itertools
++import os
+ import unittest
+ 
+ from absl.testing import parameterized
+@@ -30,6 +31,9 @@ from tensorflow.python.platform import test
+ from tensorflow.python.util import nest
+ 
+ try:
++ # Disable loading HDF5 plugins from a default path and prevent ZDI-CAN-25480.
++ # Importing h5py prior to importing tensorflow will restore the old behavior.
++ os.environ['HDF5_PLUGIN_PATH'] = 'disable'
+ import h5py # pylint:disable=g-import-not-at-top
+ except ImportError:
+ h5py = None
+diff --git a/tensorflow/python/keras/saving/hdf5_format.py b/tensorflow/python/keras/saving/hdf5_format.py
+index 1f6bbc43..05a2c928 100644
+--- a/tensorflow/python/keras/saving/hdf5_format.py
++++ b/tensorflow/python/keras/saving/hdf5_format.py
+@@ -34,6 +34,9 @@ from tensorflow.python.platform import tf_logging as logging
+ 
+ # pylint: disable=g-import-not-at-top
+ try:
++ # Disable loading HDF5 plugins from a default path and prevent ZDI-CAN-25480.
++ # Importing h5py prior to importing tensorflow will restore the old behavior.
++ os.environ['HDF5_PLUGIN_PATH'] = 'disable'
+ import h5py
+ HDF5_OBJECT_HEADER_LIMIT = 64512
+ except ImportError:
+diff --git a/tensorflow/python/keras/saving/save.py b/tensorflow/python/keras/saving/save.py
+index eee85923..b9ba0bc2 100644
+--- a/tensorflow/python/keras/saving/save.py
++++ b/tensorflow/python/keras/saving/save.py
+@@ -13,7 +13,7 @@
+ # limitations under the License.
+ # ==============================================================================
+ """Keras model saving code."""
+-
++import os
+ from tensorflow.python import tf2
+ from tensorflow.python.keras.saving import hdf5_format
+ from tensorflow.python.keras.saving import saving_utils
+@@ -25,6 +25,9 @@ from tensorflow.python.keras.utils.io_utils import path_to_string
+ 
+ # pylint: disable=g-import-not-at-top
+ try:
++ # Disable loading HDF5 plugins from a default path and prevent ZDI-CAN-25480.
++ # Importing h5py prior to importing tensorflow will restore the old behavior.
++ os.environ['HDF5_PLUGIN_PATH'] = 'disable'
+ import h5py
+ except ImportError:
+ h5py = None
+-- 
+2.45.4
+
diff --git a/SPECS/tensorflow/tensorflow.spec b/SPECS/tensorflow/tensorflow.spec
index 1dac0140536..10f2b0e5f1f 100644
--- a/SPECS/tensorflow/tensorflow.spec
+++ b/SPECS/tensorflow/tensorflow.spec
@@ -1,7 +1,7 @@
 Summary: TensorFlow is an open source machine learning framework for everyone.
 Name: tensorflow
 Version: 2.16.1
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: ASL 2.0
 Vendor: Microsoft Corporation
 Distribution: Azure Linux
@@ -17,6 +17,7 @@ Patch4: CVE-2024-35195.patch
 Patch5: CVE-2024-5569.patch
 Patch6: CVE-2024-6923.patch
 Patch7: CVE-2026-21441.patch
+Patch8: CVE-2026-2492.patch
 BuildRequires: bazel
 BuildRequires: binutils
 BuildRequires: build-essential
@@ -105,6 +106,8 @@ popd
 popd
+patch -p1 < %{PATCH8}
+
 export TF_PYTHON_VERSION=3.12
 ln -s %{_bindir}/python3 %{_bindir}/python
@@ -134,6 +137,9 @@ bazel --batch build //tensorflow/tools/pip_package:build_pip_package
 %{_bindir}/toco_from_protos
 %changelog
+* Tue Feb 24 2026 Azure Linux Security Servicing Account - 2.16.1-11
+- Patch for CVE-2026-2492
+
 * Tue Jan 13 2026 Aditya Singh - 2.16.1-10
 - Patch for CVE-2026-21441
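Review bot: The added `os.environ['HDF5_PLUGIN_PATH'] = 'disable'` line, repeated in all four `try:` blocks of the embedded patch, unconditionally overwrites any value the operator set, so a deliberately configured plugin directory (e.g. for third-party compression filters) is silently discarded as a side effect of importing Keras. If the vulnerability being closed is libhdf5 searching its built-in default directory when the variable is unset, `os.environ.setdefault('HDF5_PLUGIN_PATH', 'disable')` closes that equally while honouring an explicit setting — worth confirming against the advisory before relaxing it, though an attacker who already controls the environment can do worse than set this variable. The added comment itself admits the mitigation is void if h5py (and libhdf5) was loaded before these modules run; for a distro package that means any other Python package importing h5py earlier in the same interpreter re-enables plugin loading, which belongs in the changelog entry rather than only in a code comment. The training.py and hdf5_format.py hunks reference `os` without adding `import os` (keras_parameterized.py and save.py do add it); presumably those two modules already import it, but this should be verified since a NameError here would fire at import time and disable Keras entirely.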