Описание
Security update for libtpms
This update for libtpms fixes the following issues:
- CVE-2023-1017: Fixed out-of-bounds write in CryptParameterDecryption (bsc#1206022).
- CVE-2023-1018: Fixed out-of-bounds read in CryptParameterDecryption (bsc#1206023).
Список пакетов
Container suse/sles/15.5/virt-launcher:0.58.0
libtpms0-0.8.2-150300.3.9.1
SUSE Enterprise Storage 7.1
libtpms-devel-0.8.2-150300.3.9.1
libtpms0-0.8.2-150300.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
libtpms-devel-0.8.2-150300.3.9.1
libtpms0-0.8.2-150300.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
libtpms-devel-0.8.2-150300.3.9.1
libtpms0-0.8.2-150300.3.9.1
SUSE Linux Enterprise Micro 5.1
libtpms0-0.8.2-150300.3.9.1
SUSE Linux Enterprise Micro 5.2
libtpms0-0.8.2-150300.3.9.1
SUSE Linux Enterprise Micro 5.3
libtpms0-0.8.2-150300.3.9.1
SUSE Linux Enterprise Micro 5.4
libtpms0-0.8.2-150300.3.9.1
SUSE Linux Enterprise Module for Server Applications 15 SP4
libtpms-devel-0.8.2-150300.3.9.1
libtpms0-0.8.2-150300.3.9.1
SUSE Linux Enterprise Real Time 15 SP3
libtpms-devel-0.8.2-150300.3.9.1
libtpms0-0.8.2-150300.3.9.1
SUSE Linux Enterprise Server 15 SP3-LTSS
libtpms-devel-0.8.2-150300.3.9.1
libtpms0-0.8.2-150300.3.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
libtpms-devel-0.8.2-150300.3.9.1
libtpms0-0.8.2-150300.3.9.1
SUSE Manager Proxy 4.2
libtpms-devel-0.8.2-150300.3.9.1
libtpms0-0.8.2-150300.3.9.1
SUSE Manager Server 4.2
libtpms-devel-0.8.2-150300.3.9.1
libtpms0-0.8.2-150300.3.9.1
openSUSE Leap 15.4
libtpms-devel-0.8.2-150300.3.9.1
libtpms0-0.8.2-150300.3.9.1
openSUSE Leap Micro 5.3
libtpms0-0.8.2-150300.3.9.1
Ссылки
- Link for SUSE-SU-2023:2051-1
- E-Mail link for SUSE-SU-2023:2051-1
- SUSE Security Ratings
- SUSE Bug 1206022
- SUSE Bug 1206023
- SUSE CVE CVE-2023-1017 page
- SUSE CVE CVE-2023-1018 page
Описание
An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.
Затронутые продукты
Container suse/sles/15.5/virt-launcher:0.58.0:libtpms0-0.8.2-150300.3.9.1
SUSE Enterprise Storage 7.1:libtpms-devel-0.8.2-150300.3.9.1
SUSE Enterprise Storage 7.1:libtpms0-0.8.2-150300.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:libtpms-devel-0.8.2-150300.3.9.1
Ссылки
- CVE-2023-1017
- SUSE Bug 1206022
Описание
An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.
Затронутые продукты
Container suse/sles/15.5/virt-launcher:0.58.0:libtpms0-0.8.2-150300.3.9.1
SUSE Enterprise Storage 7.1:libtpms-devel-0.8.2-150300.3.9.1
SUSE Enterprise Storage 7.1:libtpms0-0.8.2-150300.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:libtpms-devel-0.8.2-150300.3.9.1
Ссылки
- CVE-2023-1018
- SUSE Bug 1206023