Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Ubuntu 24.04 LTS USN-6796-1 Critical: TPM2 Software Stack DoS

ubuntu
Calendar Grey May 29, 2024
Dist Ubuntu Esm H88
Security updates have been implemented for the TPM2 Software Stack in Ubuntu distributions, rectifying significant vulnerabilities.
Several security issues were fixed in TPM2 Software Stack.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in TPM2 Software Stack. Software Description: - tpm2-tss: TPM2 Software Stack library Details: Fergus Dall discovered that TPM2 Software Stack did not properly handle layer arrays. An attacker could possibly use this issue to cause TPM2 Software Stack to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-22745) Jurgen Repp and Andreas Fuchs discovered that TPM2 Software Stack did not validate the quote data after deserialization. An attacker could generate an arbitrary quote and cause TPM2 Software Stack to have unknown behavior. (CVE-2024-29040)

Topics%20covered

Topics Covered

security advisory critical DoS Ubuntu TPM2 Software Stack

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS libtss2-esys-3.0.2-0t64 4.0.1-7.1ubuntu5.1 libtss2-fapi1t64 4.0.1-7.1ubuntu5.1 libtss2-mu-4.0.1-0t64 4.0.1-7.1ubuntu5.1 libtss2-policy0t64 4.0.1-7.1ubuntu5.1 libtss2-rc0t64 4.0.1-7.1ubuntu5.1 libtss2-sys1t64 4.0.1-7.1ubuntu5.1 libtss2-tcti-cmd0t64 4.0.1-7.1ubuntu5.1 libtss2-tcti-device0t64 4.0.1-7.1ubuntu5.1 libtss2-tcti-libtpms0t64 4.0.1-7.1ubuntu5.1 libtss2-tcti-mssim0t64 4.0.1-7.1ubuntu5.1 libtss2-tcti-pcap0t64 4.0.1-7.1ubuntu5.1 libtss2-tcti-spi-helper0t64 4.0.1-7.1ubuntu5.1 libtss2-tcti-swtpm0t64 4.0.1-7.1ubuntu5.1 libtss2-tctildr0t64 4.0.1-7.1ubuntu5.1 Ubuntu 23.10 libtss2-esys-3.0.2-0 4.0.1-3ubuntu1.1 libtss2-fapi1 4.0.1-3ubuntu1.1 libtss2-mu0 4.0.1-3ubuntu1.1 libtss2-policy0 4.0.1-3ubuntu1.1 libtss2-rc0 4.0.1-3ubuntu1.1 libtss2-sys1 4.0.1-3ubuntu1.1 libtss2-tcti-cmd0 4.0.1-3ubuntu1.1 libtss2-tcti-device0 4.0.1-3ubuntu1.1 libtss2-tcti-libtpms0 4.0.1-3ubuntu1.1 libtss2-tcti-mssim0 4.0.1-3ubuntu1.1 libtss2-tcti-pcap0 4.0.1-3ubuntu1.1 libtss2-tcti-spi-helper0 4.0.1-3ubuntu1.1 libtss2-tcti-swtpm0 4.0.1-3ubuntu1.1 libtss2-tctildr0 4.0.1-3ubuntu1.1 Ubuntu 22.04 LTS libtss2-esys-3.0.2-0 3.2.0-1ubuntu1.1 libtss2-fapi1 3.2.0-1ubuntu1.1 libtss2-mu0 3.2.0-1ubuntu1.1 libtss2-rc0 3.2.0-1ubuntu1.1 libtss2-sys1 3.2.0-1ubuntu1.1 libtss2-tcti-cmd0 3.2.0-1ubuntu1.1 libtss2-tcti-device0 3.2.0-1ubuntu1.1 libtss2-tcti-mssim0 3.2.0-1ubuntu1.1 libtss2-tcti-swtpm0 3.2.0-1ubuntu1.1 libtss2-tctildr0 3.2.0-1ubuntu1.1 Ubuntu 20.04 LTS libtss2-esys0 2.3.2-1ubuntu0.20.04.2 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6796-1

CVE-2023-22745, CVE-2024-29040

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6796-1

Topics%20covered

Topics Covered

security advisory critical DoS Ubuntu TPM2 Software Stack

Package Information

https://launchpad.net/ubuntu/+source/tpm2-tss/4.0.1-7.1ubuntu5.1 https://launchpad.net/ubuntu/+source/tpm2-tss/4.0.1-3ubuntu1.1 https://launchpad.net/ubuntu/+source/tpm2-tss/3.2.0-1ubuntu1.1 https://launchpad.net/ubuntu/+source/tpm2-tss/2.3.2-1ubuntu0.20.04.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here