Control: tags 1128653 + patch
Control: tags 1128653 + pending

Dear maintainer,
I've prepared an NMU for tensorflow (versioned as 2.14.1+dfsg-3.1) and uploaded it to DELAYED/10. Please feel free to tell me if I should cancel it. cu Adrian
diffstat for tensorflow-2.14.1+dfsg tensorflow-2.14.1+dfsg changelog | 8 patches/0001-Disable-HDF5-plugin-loading-when-importing-h5py-in-T.patch | 91 ++++++++++ patches/series | 1 3 files changed, 100 insertions(+)
diff -Nru tensorflow-2.14.1+dfsg/debian/changelog tensorflow-2.14.1+dfsg/debian/changelog
--- tensorflow-2.14.1+dfsg/debian/changelog 2025-09-07 21:52:13.000000000 +0300
+++ tensorflow-2.14.1+dfsg/debian/changelog 2026-05-04 15:23:32.000000000 +0300
@@ -1,3 +1,11 @@
+tensorflow (2.14.1+dfsg-3.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2026-2492: HDF5 Library Uncontrolled Search Path Element
+ Local Privilege Escalation (Closes: #1128653)
+
+ -- Adrian Bunk <[email protected]> Mon, 04 May 2026 15:23:32 +0300
+
 tensorflow (2.14.1+dfsg-3) unstable; urgency=medium
 
 * Add autopkgtest building a simple application using TensorFlow Lite
diff -Nru tensorflow-2.14.1+dfsg/debian/patches/0001-Disable-HDF5-plugin-loading-when-importing-h5py-in-T.patch tensorflow-2.14.1+dfsg/debian/patches/0001-Disable-HDF5-plugin-loading-when-importing-h5py-in-T.patch
--- tensorflow-2.14.1+dfsg/debian/patches/0001-Disable-HDF5-plugin-loading-when-importing-h5py-in-T.patch 1970-01-01 02:00:00.000000000 +0200
+++ tensorflow-2.14.1+dfsg/debian/patches/0001-Disable-HDF5-plugin-loading-when-importing-h5py-in-T.patch 2026-05-04 15:23:06.000000000 +0300
@@ -0,0 +1,91 @@
+From 51c5ba3ac11c5f7a484433bdbabb920f0616fb6c Mon Sep 17 00:00:00 2001
+From: "A. Unique TensorFlower" <[email protected]>
+Date: Mon, 15 Dec 2025 13:20:46 -0800
+Subject: Disable HDF5 plugin loading when importing h5py in Tensorflow.
+
+Set the HDF5_PLUGIN_PATH environment variable to "disable" before importing h5py to prevent the loading of external HDF5 plugins.
+
+PiperOrigin-RevId: 844896565
+---
+ tensorflow/python/keras/engine/training.py | 3 +++
+ tensorflow/python/keras/keras_parameterized.py | 4 ++++
+ tensorflow/python/keras/saving/hdf5_format.py | 3 +++
+ tensorflow/python/keras/saving/save.py | 5 ++++-
+ 4 files changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/tensorflow/python/keras/engine/training.py b/tensorflow/python/keras/engine/training.py
+index 1e94ca45aef..182db7b0e77 100644
+--- a/tensorflow/python/keras/engine/training.py
++++ b/tensorflow/python/keras/engine/training.py
+@@ -83,6 +83,9 @@ from tensorflow.tools.docs import doc_controls
+ 
+ # pylint: disable=g-import-not-at-top
+ try:
++ # Disable loading HDF5 plugins from a default path and prevent ZDI-CAN-25480.
++ # Importing h5py prior to importing tensorflow will restore the old behavior.
++ os.environ['HDF5_PLUGIN_PATH'] = 'disable'
+ import h5py
+ except ImportError:
+ h5py = None
+diff --git a/tensorflow/python/keras/keras_parameterized.py b/tensorflow/python/keras/keras_parameterized.py
+index 054df939e8e..1a44e6b76f3 100644
+--- a/tensorflow/python/keras/keras_parameterized.py
++++ b/tensorflow/python/keras/keras_parameterized.py
+@@ -17,6 +17,7 @@
+ import collections
+ import functools
+ import itertools
++import os
+ import unittest
+ 
+ from absl.testing import parameterized
+@@ -30,6 +31,9 @@ from tensorflow.python.platform import test
+ from tensorflow.python.util import nest
+ 
+ try:
++ # Disable loading HDF5 plugins from a default path and prevent ZDI-CAN-25480.
++ # Importing h5py prior to importing tensorflow will restore the old behavior.
++ os.environ['HDF5_PLUGIN_PATH'] = 'disable'
+ import h5py # pylint:disable=g-import-not-at-top
+ except ImportError:
+ h5py = None
+diff --git a/tensorflow/python/keras/saving/hdf5_format.py b/tensorflow/python/keras/saving/hdf5_format.py
+index 1f6bbc43320..05a2c928290 100644
+--- a/tensorflow/python/keras/saving/hdf5_format.py
++++ b/tensorflow/python/keras/saving/hdf5_format.py
+@@ -34,6 +34,9 @@ from tensorflow.python.platform import tf_logging as logging
+ 
+ # pylint: disable=g-import-not-at-top
+ try:
++ # Disable loading HDF5 plugins from a default path and prevent ZDI-CAN-25480.
++ # Importing h5py prior to importing tensorflow will restore the old behavior.
++ os.environ['HDF5_PLUGIN_PATH'] = 'disable'
+ import h5py
+ HDF5_OBJECT_HEADER_LIMIT = 64512
+ except ImportError:
+diff --git a/tensorflow/python/keras/saving/save.py b/tensorflow/python/keras/saving/save.py
+index eee859233e5..b9ba0bc20d0 100644
+--- a/tensorflow/python/keras/saving/save.py
++++ b/tensorflow/python/keras/saving/save.py
+@@ -13,7 +13,7 @@
+ # limitations under the License.
+ # ==============================================================================
+ """Keras model saving code."""
+-
++import os
+ from tensorflow.python import tf2
+ from tensorflow.python.keras.saving import hdf5_format
+ from tensorflow.python.keras.saving import saving_utils
+@@ -25,6 +25,9 @@ from tensorflow.python.keras.utils.io_utils import path_to_string
+ 
+ # pylint: disable=g-import-not-at-top
+ try:
++ # Disable loading HDF5 plugins from a default path and prevent ZDI-CAN-25480.
++ # Importing h5py prior to importing tensorflow will restore the old behavior.
++ os.environ['HDF5_PLUGIN_PATH'] = 'disable'
+ import h5py
+ except ImportError:
+ h5py = None
+--
+2.47.3
+ 
diff -Nru tensorflow-2.14.1+dfsg/debian/patches/series tensorflow-2.14.1+dfsg/debian/patches/series
--- tensorflow-2.14.1+dfsg/debian/patches/series 2025-09-07 21:52:13.000000000 +0300
+++ tensorflow-2.14.1+dfsg/debian/patches/series 2026-05-04 15:23:26.000000000 +0300
@@ -1,2 +1,3 @@
 disable-ml_dtypes.patch
 set-soversion.patch
+0001-Disable-HDF5-plugin-loading-when-importing-h5py-in-T.patch
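Review bot: The added `os.environ['HDF5_PLUGIN_PATH'] = 'disable'` in training.py, keras_parameterized.py, hdf5_format.py and save.py overwrites the variable unconditionally, so an operator who deliberately pointed HDF5_PLUGIN_PATH at a trusted plugin directory loses that setting as soon as TensorFlow is imported before h5py, and because it is written to os.environ the value is also inherited by every child process started afterwards. If honouring an explicitly configured path fits the threat model — the CVE concerns the library's default search location rather than a path the operator chose — `os.environ.setdefault('HDF5_PLUGIN_PATH', 'disable')` would still close the default-path hole while preserving that configuration; if not, the comment should say the variable is overridden, not only that importing h5py first restores the old behaviour. The assignment presumably only takes effect if the HDF5 library has not already been initialised in the process; the comment covers the h5py-first case but not h5py being pulled in transitively by another library imported earlier, which is worth stating. Since the same three lines are repeated in four modules, a single helper (for example in hdf5_format.py, which save.py already imports in this hunk) would keep the mitigation and its rationale in one place.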

