Fedora has issued an advisory on May 5: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NUCZX4S53TUNTSGTCRDNOQZV2V2RI4RJ/ Mageia 7 and 8 are also affected.
Whiteboard: (none) => MGA8TOO, MGA7TOO
Source RPM: (none) => libtpms-0.7.4-0.20201031git2452a24dab.1.mga8.src.rpm
Hi, thanks for reporting this. Assigned to the package maintainer.
CC: (none) => ouaurelien
Assignee: bugsquad => thierry.vignaud
CVE: (none) => CVE-2021-3505
Fedora has issued an advisory on March 19: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/46YMIRHQHNKPCVNRVW4W27MFQQU7ZHHV/
Summary: libtpms new security issue CVE-2021-3505 => libtpms new security issues CVE-2021-3446 and CVE-2021-3505
Severity: normal => major
The issues are fixed upstream in 0.8.2.
Status comment: (none) => Fixed upstream in 0.8.2
Fedora has issued an advisory today (July 1): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Z7KZSYMTE7Z4BBEZUWO2DIMQDWMGEP46/ The issue is fixed upstream in 0.8.4. Mageia 8 is also affected (so is Mageia 7, but it's EOL).
Status comment: Fixed upstream in 0.8.2 => Fixed upstream in 0.8.4
Whiteboard: MGA8TOO, MGA7TOO => MGA8TOO
Summary: libtpms new security issues CVE-2021-3446 and CVE-2021-3505 => libtpms new security issues CVE-2021-3446, CVE-2021-3505, and CVE-2021-3623
Fedora has issued an advisory today (July 4): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DZI42OR3JUEGWRKEVCOHL2FPTJVYCYBT/ It fixes a couple more security issues (no CVEs given) that are fixed in upstream git.
Fedora has issued an advisory today (August 18): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7UCZ7AV2UKWYYCNZ2NLLXW7QYCX7K337/ It backports more upstream security fixes from 0.8.5.
Status comment: Fixed upstream in 0.8.4 => Fixed upstream in 0.8.5
openSUSE has issued an advisory on September 9: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/75RD2O2OFCMWPCMY5QMSZRNV5PG5BTS6/ The issue is fixed upstream in 0.8.5.
Summary: libtpms new security issues CVE-2021-3446, CVE-2021-3505, and CVE-2021-3623 => libtpms new security issues CVE-2021-3446, CVE-2021-3505, CVE-2021-3623, CVE-2021-3746
Fedora has updated to 0.8.5 on September 9: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YVJSXDXD44WDR4VA2XL33IZDJTBGRXP7/
CC: (none) => luigiwalser
Fedora has issued an advisory on September 15: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7E3B6T5RBDKAWETDTW3WPORY3NK5IR46/ It includes a post-0.8.5 upstream fix.
updated in cauldron.
Whiteboard: MGA8TOO => (none)
CC: (none) => mageia
Version: Cauldron => 8
(In reply to Nicolas Lécureuil from comment #10)
> updated in cauldron.

to libtpms-0.9.1-1.mga9.
fixed in mga8:

src:
- libtpms-0.9.1-1.mga8
- swtpm-0.7.0-5.mga8
Status comment: Fixed upstream in 0.8.5 => (none)
CC: (none) => thierry.vignaud
Assignee: thierry.vignaud => qa-bugs
What is the swtpm update for?

libtpms-devel-0.9.1-1.mga8
libtpms0-0.9.1-1.mga8
swtpm-tools-0.7.0-5.mga8
libwtpm_libtpms0-0.7.0-5.mga8
swtpm-0.7.0-5.mga8
swtpm-tools-pkcs11-0.7.0-5.mga8
libwtpm_libtpms-devel-0.7.0-5.mga8
MGA8-64 Plasma on Lenovo B50 in Dutch
No installation issues.
No previous updates, no wiki, so started looking for a tutorial, and found
https://en.opensuse.org/Software_TPM_Emulator_For_QEMU
I've never done anything with Qemu, the whole thing is way over my head.
If someone else has an idea what to do with it, it's OK with me. Else I let it to TJ to OK it on clean install.
CC: (none) => herman.viaene
I dabbled at the edges of Qemu for an update test a few months back, but I never got beyond the most basic. A "software TPM Emulator" is far over my head, too. I'll give it a couple of days, and if no one shows up to try it, I'll OK on the clean install.
CC: (none) => andrewsfarm
Installed the following (which pulled in a lot more pkgs):
lib64tpms0-0.7.4-0.20201031git2452a24dab.1.mga8
swtpm-0.5.2-2.mga8
swtpm-tools-0.5.2-2.mga8
swtpm-tools-pkcs11-0.5.2-2.mga8
lib64wtpm_libtpms0-0.5.2-2.mga8

Updated from updates-testing to:
lib64tpms0-0.9.1-1.mga8
swtpm-0.7.0-5.mga8
swtpm-tools-0.7.0-5.mga8
swtpm-tools-pkcs11-0.7.0-5.mga8
lib64wtpm_libtpms0-0.7.0-5.mga8

Clinically OK for x64.
CC: (none) => lewyssmith
Validating.
Keywords: (none) => validated_update
Whiteboard: (none) => MGA8-64-OK
CC: (none) => sysadmin-bugs
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0590.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
CC: lewyssmith => (none)