Security: Two problems in TPM2
Name: Two problems in TPM2
ID: USN-6796-1
Distribution: Ubuntu
Platforms: Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.10, Ubuntu 24.04 LTS
Date: Wed, 29 May 2024, 23:41
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29040
Applications: TPM2

Original message
From: Federico Quattrin <federico.quattrin@canonical.com>
Reply-To: security@ubuntu.com
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <2de443c2-da32-4560-9ed8-51c3bed482c2@canonical.com>
Subject: [USN-6796-1] TPM2 Software Stack vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6796-1
May 29, 2024

tpm2-tss vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in TPM2 Software Stack.

Software Description:
- tpm2-tss: TPM2 Software Stack library

Details:

Fergus Dall discovered that TPM2 Software Stack did not properly handle layer arrays. An attacker could possibly use this issue to cause TPM2 Software Stack to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-22745)

Jurgen Repp and Andreas Fuchs discovered that TPM2 Software Stack did not validate the quote data after deserialization. An attacker could generate an arbitrary quote and cause TPM2 Software Stack to have unknown behavior. (CVE-2024-29040)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04 LTS
  libtss2-esys-3.0.2-0t64 4.0.1-7.1ubuntu5.1
  libtss2-fapi1t64 4.0.1-7.1ubuntu5.1
  libtss2-mu-4.0.1-0t64 4.0.1-7.1ubuntu5.1
  libtss2-policy0t64 4.0.1-7.1ubuntu5.1
  libtss2-rc0t64 4.0.1-7.1ubuntu5.1
  libtss2-sys1t64 4.0.1-7.1ubuntu5.1
  libtss2-tcti-cmd0t64 4.0.1-7.1ubuntu5.1
  libtss2-tcti-device0t64 4.0.1-7.1ubuntu5.1
  libtss2-tcti-libtpms0t64 4.0.1-7.1ubuntu5.1
  libtss2-tcti-mssim0t64 4.0.1-7.1ubuntu5.1
  libtss2-tcti-pcap0t64 4.0.1-7.1ubuntu5.1
  libtss2-tcti-spi-helper0t64 4.0.1-7.1ubuntu5.1
  libtss2-tcti-swtpm0t64 4.0.1-7.1ubuntu5.1
  libtss2-tctildr0t64 4.0.1-7.1ubuntu5.1

Ubuntu 23.10
  libtss2-esys-3.0.2-0 4.0.1-3ubuntu1.1
  libtss2-fapi1 4.0.1-3ubuntu1.1
  libtss2-mu0 4.0.1-3ubuntu1.1
  libtss2-policy0 4.0.1-3ubuntu1.1
  libtss2-rc0 4.0.1-3ubuntu1.1
  libtss2-sys1 4.0.1-3ubuntu1.1
  libtss2-tcti-cmd0 4.0.1-3ubuntu1.1
  libtss2-tcti-device0 4.0.1-3ubuntu1.1
  libtss2-tcti-libtpms0 4.0.1-3ubuntu1.1
  libtss2-tcti-mssim0 4.0.1-3ubuntu1.1
  libtss2-tcti-pcap0 4.0.1-3ubuntu1.1
  libtss2-tcti-spi-helper0 4.0.1-3ubuntu1.1
  libtss2-tcti-swtpm0 4.0.1-3ubuntu1.1
  libtss2-tctildr0 4.0.1-3ubuntu1.1

Ubuntu 22.04 LTS
  libtss2-esys-3.0.2-0 3.2.0-1ubuntu1.1
  libtss2-fapi1 3.2.0-1ubuntu1.1
  libtss2-mu0 3.2.0-1ubuntu1.1
  libtss2-rc0 3.2.0-1ubuntu1.1
  libtss2-sys1 3.2.0-1ubuntu1.1
  libtss2-tcti-cmd0 3.2.0-1ubuntu1.1
  libtss2-tcti-device0 3.2.0-1ubuntu1.1
  libtss2-tcti-mssim0 3.2.0-1ubuntu1.1
  libtss2-tcti-swtpm0 3.2.0-1ubuntu1.1
  libtss2-tctildr0 3.2.0-1ubuntu1.1

Ubuntu 20.04 LTS
  libtss2-esys0 2.3.2-1ubuntu0.20.04.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6796-1
  CVE-2023-22745, CVE-2024-29040

Package Information:
  https://launchpad.net/ubuntu/+source/tpm2-tss/4.0.1-7.1ubuntu5.1
  https://launchpad.net/ubuntu/+source/tpm2-tss/4.0.1-3ubuntu1.1
  https://launchpad.net/ubuntu/+source/tpm2-tss/3.2.0-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/tpm2-tss/2.3.2-1ubuntu0.20.04.2
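
To confirm that a host has picked up the fix, the installed libtss2 package versions can be compared against the fixed versions listed in the notice. The following is an added example, not part of the Ubuntu notice: it re-implements dpkg's version ordering so that it can be run offline on saved `dpkg-query -W 'libtss2-*'` output. The function names and the sample data are constructed for illustration, and it assumes every libtss2-* binary package carries the tpm2-tss source version.

```python
import re
from itertools import zip_longest

# Fixed tpm2-tss versions per Ubuntu release, copied from USN-6796-1.
FIXED = {"24.04": "4.0.1-7.1ubuntu5.1", "23.10": "4.0.1-3ubuntu1.1",
         "22.04": "3.2.0-1ubuntu1.1", "20.04": "2.3.2-1ubuntu0.20.04.2"}

def _key(c):
    # dpkg ordering: '~' sorts before end-of-string (0); letters before other characters.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Walk alternating (non-digit run, digit run) pairs, the way dpkg does.
    runs = zip_longest(re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b),
                       fillvalue=("", ""))
    for (sa, da), (sb, db) in runs:
        ka, kb = [_key(c) for c in sa], [_key(c) for c in sb]
        n = max(len(ka), len(kb))
        ka, kb = ka + [0] * (n - len(ka)), kb + [0] * (n - len(kb))
        if ka != kb:
            return -1 if ka < kb else 1
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def deb_cmp(a, b):
    """Return -1, 0 or 1 for Debian versions a and b (epoch, upstream, revision)."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(release, dpkg_output):
    """List (package, version) for installed libtss2-* packages below the fix."""
    rows = (line.partition("\t") for line in dpkg_output.splitlines())
    return [(p.split(":")[0], v) for p, _, v in rows
            if p.startswith("libtss2-") and v and deb_cmp(v, FIXED[release]) < 0]

# Constructed sample of `dpkg-query -W` output for a 22.04 host (not from the notice).
SAMPLE = ("libtss2-esys-3.0.2-0:amd64\t3.2.0-1ubuntu1\n"
          "libtss2-mu0:amd64\t3.2.0-1ubuntu1.1\n"
          "libtss2-tctildr0:amd64\t3.2.0-1ubuntu1\n")
print(unpatched("22.04", SAMPLE))
```

On a live host, `dpkg --compare-versions` applies the same ordering and can replace `deb_cmp`.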