Fedora 37 Critical Advisory: tpm2-tss Buffer Overflow Fix - 2023-25617e952a

tpm2-tss is a software stack supporting Trusted Platform Module(TPM) 2.0 system

APIs. It sits between TPM driver and applications, providing TPM2.0 specified

APIs for applications to access TPM module through kernel TPM drivers.

Fixed: * A buffer overflow in tss2-rc as CVE-2023-22745. * The drv layer in

tss2-rc should have been the policy layer. * Spec deviation in

Fapi_GetDescription caused description to be NULL when it should be empty

string. This is API breaking but considered a bug since it deviated from the

FAPI spec. * FAPI: undefined reference to curl_url_strerror when using curl less

than 7.80.0.

* Wed Feb 1 2023 Peter Robinson - 3.2.2-1

- Update to 3.2.2

[ 1 ] Bug #2162612 - CVE-2023-22745 tpm2-tss: Buffer Overlow in TSS2_RC_Decode [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2162612

su -c 'dnf upgrade --advisory FEDORA-2023-25617e952a' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it: