
openSUSE: 2017:3100-1 Important: tboot DoS Security Issue

November 26, 2017
A critical upgrade for Fedora regarding tboot addresses a major flaw while bolstering both security and efficiency.
An update that solves one vulnerability and has 5 fixes is now available.

Description

This update for tboot fixes the following issues:

Security issues fixed:

- CVE-2017-16837: tboot failed to validate a number of immutable function pointers, which could allow an attacker to bypass the chain of trust and execute arbitrary code (boo#1068390).
- Make tboot package compatible with OpenSSL 1.1.0 for SLE-15 support (boo#1067229).

Bug fixes:

- Update to new upstream version. See release notes for details (1.9.6; 1.9.5, FATE#321510; 1.9.4, FATE#320665; 1.8.3, FATE#318542):

*

- Fix some gcc7 warnings that lead to errors (boo#1041264)
- Fix wrong pvops kernel config matching (boo#981948)
- Fix an excessive stack usage pattern that could lead to resets/crashes (boo#967441)
- Fix a boot issue on Skylake (boo#964408)
- Trim filler words from description; use modern macros over shell vars.
- Add reproducible.patch to call gzip -n to make build fully reproducible.

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

      zypper in -t patch openSUSE-2017-1308=1

- openSUSE Leap 42.2:

      zypper in -t patch openSUSE-2017-1308=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.3 (i586 x86_64):

      tboot-20170711_1.9.6-7.1
      tboot-debuginfo-20170711_1.9.6-7.1
      tboot-debugsource-20170711_1.9.6-7.1

- openSUSE Leap 42.2 (i586 x86_64):

      tboot-20170711_1.9.6-4.3.1
      tboot-debuginfo-20170711_1.9.6-4.3.1
      tboot-debugsource-20170711_1.9.6-4.3.1
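
To confirm the update landed, the installed tboot version-release can be compared against the fixed builds in the package list above. The script below is an added example, not part of the openSUSE advisory; the function names, the `--host` switch and the use of `sort -V` as a stand-in for rpm's own version comparison are assumptions.

```shell
#!/bin/sh
# Added example: confirm an openSUSE Leap host carries the fixed tboot build.
# Fixed version-release strings are copied from the advisory's package list.

# Print the fixed tboot version-release for a Leap release.
fixed_version_for() {
    case "$1" in
        42.3) echo "20170711_1.9.6-7.1" ;;
        42.2) echo "20170711_1.9.6-4.3.1" ;;
        *)    return 1 ;;   # release not covered by this advisory
    esac
}

# True when $1 >= $2. Assumption: `sort -V` ordering stands in for
# rpm's version comparison, which is adequate for these strings.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Classify an installed version-release for a given Leap release.
# Prints: fixed | vulnerable | not-installed | unknown-release
tboot_status() {
    leap="$1"; installed="$2"
    fixed=$(fixed_version_for "$leap") || { echo "unknown-release"; return 0; }
    [ -n "$installed" ] || { echo "not-installed"; return 0; }
    if version_ge "$installed" "$fixed"; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# Check the local host: release from /etc/os-release, package version from rpm.
check_local_host() {
    leap=$(. /etc/os-release && echo "$VERSION_ID")
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}' tboot 2>/dev/null) || installed=""
    echo "Leap $leap tboot ${installed:-<none>}: $(tboot_status "$leap" "$installed")"
}

# Query the local host only when asked, e.g. `sh check_tboot.sh --host`.
if [ "${1:-}" = "--host" ]; then
    check_local_host
fi
```

A "vulnerable" result means the patch command for that product has not been applied yet; "not-installed" means tboot is absent and the advisory does not apply to that host.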

References

https://www.suse.com/security/cve/CVE-2017-16837.html

https://bugzilla.suse.com/1041264

https://bugzilla.suse.com/1067229

https://bugzilla.suse.com/1068390

https://bugzilla.suse.com/964408

https://bugzilla.suse.com/967441

https://bugzilla.suse.com/981948

--

Severity: important

Announcement ID: openSUSE-SU-2017:3100-1
Rating: important
Affected Products: openSUSE Leap 42.3, openSUSE Leap 42.2
