Fedora 37: tpm2-tss 2023-25617e952a
Summary
tpm2-tss is a software stack supporting Trusted Platform Module(TPM) 2.0 system
APIs. It sits between TPM driver and applications, providing TPM2.0 specified
APIs for applications to access TPM module through kernel TPM drivers.
Fixed: * A buffer overflow in tss2-rc as CVE-2023-22745. * The drv layer in
tss2-rc should have been the policy layer. * Spec deviation in
Fapi_GetDescription caused description to be NULL when it should be empty
string. This is API breaking but considered a bug since it deviated from the
FAPI spec. * FAPI: undefined reference to curl_url_strerror when using curl less
than 7.80.0.
* Wed Feb 1 2023 Peter Robinson
- Update to 3.2.2
[ 1 ] Bug #2162612 - CVE-2023-22745 tpm2-tss: Buffer Overlow in TSS2_RC_Decode [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2162612
su -c 'dnf upgrade --advisory FEDORA-2023-25617e952a' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam, report it: https://pagure.io/login/
FEDORA-2023-25617e952a 2023-02-09 09:11:04.274266 Product : Fedora 37 Version : 3.2.2 Release : 1.fc37 URL : https://github.com/tpm2-software/tpm2-tss Summary : TPM2.0 Software Stack Description : tpm2-tss is a software stack supporting Trusted Platform Module(TPM) 2.0 system APIs. It sits between TPM driver and applications, providing TPM2.0 specified APIs for applications to access TPM module through kernel TPM drivers. Fixed: * A buffer overflow in tss2-rc as CVE-2023-22745. * The drv layer in tss2-rc should have been the policy layer. * Spec deviation in Fapi_GetDescription caused description to be NULL when it should be empty string. This is API breaking but considered a bug since it deviated from the FAPI spec. * FAPI: undefined reference to curl_url_strerror when using curl less than 7.80.0. * Wed Feb 1 2023 Peter Robinson - 3.2.2-1 - Update to 3.2.2 [ 1 ] Bug #2162612 - CVE-2023-22745 tpm2-tss: Buffer Overlow in TSS2_RC_Decode [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2162612 su -c 'dnf upgrade --advisory FEDORA-2023-25617e952a' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/ Do not reply to spam, report it: https://pagure.io/login/
Change Log
References
Update Instructions
