Description
Security update for tboot
This update for tboot fixes the following issues:
Security issues fixed:
- CVE-2017-16837: tboot failed to validate a number of immutable function pointers, which could allow an attacker to bypass the chain of trust and execute arbitrary code (boo#1068390).
- Make tboot package compatible with OpenSSL 1.1.0 for SLE-15 support (boo#1067229).
Bug fixes:
- Update to new upstream version. See release notes for details (1.9.6; 1.9.5, FATE#321510; 1.9.4, FATE#320665; 1.8.3, FATE#318542):
- Fix some gcc7 warnings that lead to errors. (boo#1041264)
- Fix wrong pvops kernel config matching (boo#981948)
- Fix an excessive stack usage pattern that could lead to resets/crashes (boo#967441)
- Fix a boot issue on Skylake (boo#964408)
- Trim filler words from description; use modern macros over shell vars.
- Add reproducible.patch to call gzip -n to make build fully reproducible.
Package list
openSUSE Leap 42.2
tboot-20170711_1.9.6-7.1
openSUSE Leap 42.3
tboot-20170711_1.9.6-7.1
References
- E-Mail link for openSUSE-SU-2017:3100-1
- SUSE Security Ratings
Description
Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.
Affected products
openSUSE Leap 42.2:tboot-20170711_1.9.6-7.1
openSUSE Leap 42.3:tboot-20170711_1.9.6-7.1
References
- CVE-2017-16837
- SUSE Bug 1068390
- SUSE Bug 889339