Fedora 36: tpm2-tss 2023-3a9674404c
Summary
tpm2-tss is a software stack supporting Trusted Platform Module(TPM) 2.0 system
APIs. It sits between TPM driver and applications, providing TPM2.0 specified
APIs for applications to access TPM module through kernel TPM drivers.
Fixed: * A buffer overflow in tss2-rc as CVE-2023-22745. * The drv layer in
tss2-rc should have been the policy layer. * Spec deviation in
Fapi_GetDescription caused description to be NULL when it should be empty
string. This is API breaking but considered a bug since it deviated
from the FAPI spec * FAPI: undefined reference to curl_url_strerror when using
curl less than 7.80.0.
* Wed Feb 1 2023 Peter Robinson
- Update to 3.2.2
[ 1 ] Bug #2158598 - cannot get EK certificate after updating to tpm2-tss-3.2.1-1
https://bugzilla.redhat.com/show_bug.cgi?id=2158598
[ 2 ] Bug #2162612 - CVE-2023-22745 tpm2-tss: Buffer Overlow in TSS2_RC_Decode [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2162612
su -c 'dnf upgrade --advisory FEDORA-2023-3a9674404c' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam, report it: https://pagure.io/login/
FEDORA-2023-3a9674404c 2023-02-17 01:32:31.766209 Product : Fedora 36 Version : 3.2.2 Release : 1.fc36 URL : https://github.com/tpm2-software/tpm2-tss Summary : TPM2.0 Software Stack Description : tpm2-tss is a software stack supporting Trusted Platform Module(TPM) 2.0 system APIs. It sits between TPM driver and applications, providing TPM2.0 specified APIs for applications to access TPM module through kernel TPM drivers. Fixed: * A buffer overflow in tss2-rc as CVE-2023-22745. * The drv layer in tss2-rc should have been the policy layer. * Spec deviation in Fapi_GetDescription caused description to be NULL when it should be empty string. This is API breaking but considered a bug since it deviated from the FAPI spec * FAPI: undefined reference to curl_url_strerror when using curl less than 7.80.0. * Wed Feb 1 2023 Peter Robinson - 3.2.2-1 - Update to 3.2.2 [ 1 ] Bug #2158598 - cannot get EK certificate after updating to tpm2-tss-3.2.1-1 https://bugzilla.redhat.com/show_bug.cgi?id=2158598 [ 2 ] Bug #2162612 - CVE-2023-22745 tpm2-tss: Buffer Overlow in TSS2_RC_Decode [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2162612 su -c 'dnf upgrade --advisory FEDORA-2023-3a9674404c' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/ Do not reply to spam, report it: https://pagure.io/login/
Change Log
References
Update Instructions
