Mageia 2021-0590 Critical: Libtpms/Swtpm Security Issues Resolved

mageia

December 30, 2021

CryptSym: fix AES output IV (CVE-2021-3505)

Summary

CryptSym: fix AES output IV (CVE-2021-3505). Fixed a context save and suspend/resume problem when public keys are loaded. Reset too large size indicators in TPM2B to avoid access beyond buffer (CVE-2021-3623) Restore original value in buffer if unmarshalled one was illegal Fixed out-of-bounds access via specially crafted TPM 2 command packets (CVE-2021-3746) Marshal event sequence objects' hash state

References

- https://bugs.mageia.org/show_bug.cgi?id=28882

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NUCZX4S53TUNTSGTCRDNOQZV2V2RI4RJ/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/46YMIRHQHNKPCVNRVW4W27MFQQU7ZHHV/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Z7KZSYMTE7Z4BBEZUWO2DIMQDWMGEP46/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DZI42OR3JUEGWRKEVCOHL2FPTJVYCYBT/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7UCZ7AV2UKWYYCNZ2NLLXW7QYCX7K337/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YVJSXDXD44WDR4VA2XL33IZDJTBGRXP7/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7E3B6T5RBDKAWETDTW3WPORY3NK5IR46/

- https://www.cve.org/CVERecord?id=CVE-2021-3446

- https://www.cve.org/CVERecord?id=CVE-2021-3505

- https://www.cve.org/CVERecord?id=CVE-2021-3623

- https://www.cve.org/CVERecord?id=CVE-2021-3746

Topics Covered

security advisory buffer overflow access breach mageia swtpm libtpms

Resolution

SRPMS

- 8/core/libtpms-0.9.1-1.mga8

- 8/core/swtpm-0.7.0-5.mga8

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 30 Dec 2021

URL: https://advisories.mageia.org/MGASA-2021-0590.html

Type: security

CVE: CVE-2021-3446, CVE-2021-3505, CVE-2021-3623, CVE-2021-3746

Topics Covered

security advisory buffer overflow access breach mageia swtpm libtpms

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia 2021-0590 Critical: Libtpms/Swtpm Security Issues Resolved

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia 2021-0590 Critical: Libtpms/Swtpm Security Issues Resolved

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!