tpm2-tools-4.1.1-5.el8

エラータID: AXSA:2021-2806:03

Release date: 
Monday, December 20, 2021 - 10:46
Subject: 
tpm2-tools-4.1.1-5.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The tpm2-tools packages add a set of utilities for management and utilization of Trusted Platform Module (TPM) 2.0 devices from user space.

Security Fix(es):

* tpm2-tools: fixed AES wrapping key in tpm2_import (CVE-2021-3565)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-3565
A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.

Solution: 

Update packages.

CVEs: 
CVE-2021-3565
A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.
Additional Info: 

N/A

Download: 

SRPMS
  1. tpm2-tools-4.1.1-5.el8.src.rpm
    MD5: 171dd68b60ece6938f55bbd392c0d7e4
    SHA-256: 1ca88cd63cb688af1f40c86a292ab4e874bd2a346cf7c87a3a7f2e249cdf6a58
    Size: 785.78 kB

Asianux Server 8 for x86_64
  1. tpm2-tools-4.1.1-5.el8.x86_64.rpm
    MD5: e8b8a199dbd03c04d176ad961d5119de
    SHA-256: a25e303e43bba9e2713001f8ff3ad1a1a03f9bd8ee15b27f00faea1d37264a6d
    Size: 1.01 MB