## This update for tpm2.0-tools, tpm2-0-tss fixes the following issues: tpm2-0-tss: Update to version 4.1: \+ Security \- CVE-2024-29040: arbitrary quote data may go undetected by Fapi_VerifyQuote (bsc#1223690) * Fixed * fapi: Fix length check on FAPI auth callbacks * mu: Correct error message for errors * tss2-rc: fix unknown laer handler dropping bits. * fapi: Fix deviation from CEL specification (template_value was used instead of template_data). * fapi: Fix json syntax error in FAPI profiles which was ignored by json-c. * build: fix build fail after make clean. * mu: Fix unneeded size check in TPM2B unmarshaling. * fapi: Fix missing parameter encryption. * build: Fix failed build with --disable-vendor. * fapi: Fix flush of persistent handles.
* bsc#1223687
* bsc#1223689
* bsc#1223690
Cross-
* CVE-2024-29038
* CVE-2024-29039
* CVE-2024-29040
CVSS scores:
* CVE-2024-29038 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-29039 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-29040 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products:
* SUSE Linux Micro 6.0
An update that solves three vulnerabilities can now be installed.
##
* https://www.suse.com/security/cve/CVE-2024-29038.html
* https://www.suse.com/security/cve/CVE-2024-29039.html
* https://www.suse.com/security/cve/CVE-2024-29040.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223687
* https://bugzilla.suse.com/show_bug.cgi?id=1223689
Get the latest Linux and open source security news straight to your inbox.