31651 – libtpms new security issues CVE-2023-101[78]

Bug 31651 - libtpms new security issues CVE-2023-101[78]

Summary: libtpms new security issues CVE-2023-101[78]

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA8-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2023-03-09 17:52 CET by David Walser
Modified:	2023-03-18 23:18 CET (History)
CC List:	6 users (show)

See Also:
Source RPM:	libtpms-0.9.1-1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2023-03-09 17:52:46 CET

Ubuntu has issued an advisory on March 7:
https://ubuntu.com/security/notices/USN-5933-1

The issues are fixed upstream in 0.9.6.

Mageia 8 is also affected.

David Walser 2023-03-09 17:53:08 CET

Status comment: (none) => Fixed upstream in 0.9.6
Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2023-03-09 20:12:12 CET

Assigning globally, but CC'ing neoclust who committed current v0.9.1 with lots of CVE corrections.

Assignee: bugsquad => pkg-bugs
CC: (none) => mageia

Comment 2 David Walser 2023-03-14 01:22:25 CET

Fedora has issued an advisory for this on March 6:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4WEJNRD36D3EOCZVXKGPDSJXA35DPPSE/

Comment 3 Nicolas Salguero 2023-03-16 13:49:21 CET

Hi,

Cauldron has version 0.9.6 since a few days.

Best regards,

Nico.

Source RPM: libtpms-0.9.1-2.mga9.src.rpm => libtpms-0.9.1-1.mga8.src.rpm
Version: Cauldron => 8
CC: (none) => nicolas.salguero
Whiteboard: MGA8TOO => (none)

Comment 4 Nicolas Salguero 2023-03-16 14:13:15 CET

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context. (CVE-2023-1017)

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM. (CVE-2023-1018)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1018
https://ubuntu.com/security/notices/USN-5933-1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4WEJNRD36D3EOCZVXKGPDSJXA35DPPSE/
========================

Updated packages in core/updates_testing:
========================
lib(64)tpms0-0.9.6-1.mga8
lib(64)tpms-devel-0.9.6-1.mga8

from SRPM:
libtpms-0.9.6-1.mga8.src.rpm

Status: NEW => ASSIGNED
Assignee: pkg-bugs => qa-bugs
Status comment: Fixed upstream in 0.9.6 => (none)

Comment 5 Herman Viaene 2023-03-16 15:43:06 CET

MGA8-64 MATE on Acer Aspire 5253
No installation issues.
Found previous update 28882, got basically the OK, on clean install.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 6 Thomas Andrews 2023-03-16 19:56:11 CET

Validating. Advisory in comment 4.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2023-03-17 23:30:53 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 7 Mageia Robot 2023-03-18 23:18:35 CET

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0102.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.