Описание
Security update for libtpms
This update for libtpms fixes the following issues:
- CVE-2021-3623: Fixed out-of-bounds access when trying to resume the state of the vTPM (bsc#1187767)
Список пакетов
Container suse/sles/15.5/virt-launcher:0.58.0
libtpms0-0.8.2-150300.3.6.1
SUSE Linux Enterprise Micro 5.1
libtpms0-0.8.2-150300.3.6.1
SUSE Linux Enterprise Micro 5.2
libtpms0-0.8.2-150300.3.6.1
SUSE Linux Enterprise Micro 5.3
libtpms0-0.8.2-150300.3.6.1
SUSE Linux Enterprise Module for Server Applications 15 SP3
libtpms-devel-0.8.2-150300.3.6.1
libtpms0-0.8.2-150300.3.6.1
SUSE Linux Enterprise Module for Server Applications 15 SP4
libtpms-devel-0.8.2-150300.3.6.1
libtpms0-0.8.2-150300.3.6.1
openSUSE Leap 15.3
libtpms-devel-0.8.2-150300.3.6.1
libtpms0-0.8.2-150300.3.6.1
openSUSE Leap 15.4
libtpms-devel-0.8.2-150300.3.6.1
libtpms0-0.8.2-150300.3.6.1
openSUSE Leap Micro 5.2
libtpms0-0.8.2-150300.3.6.1
openSUSE Leap Micro 5.3
libtpms0-0.8.2-150300.3.6.1
Ссылки
- Link for SUSE-SU-2022:4457-1
- E-Mail link for SUSE-SU-2022:4457-1
- SUSE Security Ratings
- SUSE Bug 1187767
- SUSE Bug 1204556
- SUSE CVE CVE-2021-3623 page
Описание
A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability.
Затронутые продукты
Container suse/sles/15.5/virt-launcher:0.58.0:libtpms0-0.8.2-150300.3.6.1
SUSE Linux Enterprise Micro 5.1:libtpms0-0.8.2-150300.3.6.1
SUSE Linux Enterprise Micro 5.2:libtpms0-0.8.2-150300.3.6.1
SUSE Linux Enterprise Micro 5.3:libtpms0-0.8.2-150300.3.6.1
Ссылки
- CVE-2021-3623
- SUSE Bug 1187767