tpm2-tss-2.3.2-5.el8

エラータID: AXSA:2023-7284:03

リリース日: 
2023/12/26 Tuesday - 01:17
題名: 
tpm2-tss-2.3.2-5.el8
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
Low
Description: 

以下項目について対処しました。

[Security Fix]
- tpm2-tss には、メモリ領域の範囲外アクセスの問題があるため、
ローカルの攻撃者により、任意のコードの実行を可能とする脆弱性
が存在します。(CVE-2023-22745)

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2023-22745
tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. tpm2-tss-2.3.2-5.el8.src.rpm
    MD5: 0510e7eb55dc960ba201e6ee4bb0f8b8
    SHA-256: f75da9de61c5f882cc2ef406519fe09767f7be611c4932093dad515ac5ab9559
    Size: 1.07 MB

Asianux Server 8 for x86_64
  1. tpm2-tss-2.3.2-5.el8.i686.rpm
    MD5: ed036344ed812fd80aef312ab392cae6
    SHA-256: 7cefd19bedf682bd3f023a8821f79e71a555365aef689f278435f72e01a866b6
    Size: 233.39 kB
  2. tpm2-tss-2.3.2-5.el8.x86_64.rpm
    MD5: 46f480775f79ac4d50b6c85615adeecb
    SHA-256: a0ae7d4f20a7c1341134346b92240a14e834f6d3239bd30790a0d02fdc32cc2d
    Size: 274.16 kB
  3. tpm2-tss-devel-2.3.2-5.el8.i686.rpm
    MD5: f14739b0797c60a83dfdb16ebe589ca5
    SHA-256: 7f3db028898e88649b08dad50a7b60a3806bfb44189ce20c48a72b055d28dd4c
    Size: 242.20 kB
  4. tpm2-tss-devel-2.3.2-5.el8.x86_64.rpm
    MD5: e985b4fd3d500395c323cfc27e401c7a
    SHA-256: 71526bc4fdb73af5c77a551ad96d8cf1e90cca5053184a82e56d649bdf568eed
    Size: 242.21 kB