swtpm-0.7.0-3.20211109gitb79fd91.el9

エラータID: AXSA:2023-4729:01

リリース日: 
2023/01/13 Friday - 07:26
題名: 
swtpm-0.7.0-3.20211109gitb79fd91.el9
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
Low
Description: 

以下項目について対処しました。

[Security Fix]
- swtpm には、境界外読み取りの問題があるため、ローカルの攻撃者に
より、巧妙に細工されたヘッダーを介して、swtpm の起動の阻害や
クラッシュを可能とする脆弱性が存在します。(CVE-2022-23645)

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2022-23645
swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. swtpm-0.7.0-3.20211109gitb79fd91.el9.src.rpm
    MD5: 803253d5fc924a503be2bba569402da8
    SHA-256: fea0cfcf954cd8d0176e8b1c88dd8c06cecd49e97ef0baa0e94f4433ce41dd4d
    Size: 363.67 kB

Asianux Server 9 for x86_64
  1. swtpm-0.7.0-3.20211109gitb79fd91.el9.x86_64.rpm
    MD5: e79363b4afbd0c0d8c7535169d95dc80
    SHA-256: af46c20cac6574ec7d5e8e6c5afe68b05dbcded05e0da66c4af0cad03b7924ab
    Size: 41.89 kB
  2. swtpm-libs-0.7.0-3.20211109gitb79fd91.el9.x86_64.rpm
    MD5: e412cea5e44952302d9252e03b117cfe
    SHA-256: d127d57944de583c597db62d5f085938a23e5312c3183fe7586dc3a1e5faf05d
    Size: 49.22 kB
  3. swtpm-tools-0.7.0-3.20211109gitb79fd91.el9.x86_64.rpm
    MD5: 07c9e39cb2ad98d9842518b022083187
    SHA-256: 38c0398d819f54e8dbd82012ad75ab5d1d6bf315f3d2fc9f78b0a93e9b34693b
    Size: 117.43 kB