Headline
RHSA-2023:2453: Red Hat Security Advisory: libtpms security update
An update for libtpms is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-1017: An out-of-bounds write vulnerability was found in the TPM 2.0’s Module Library, which allows the writing of 2-byte data after the end of the TPM command. This flaw may lead to a denial of service or arbitrary code execution within the libtpms scope.
- CVE-2023-1018: An out-of-bound read vulnerability was found in the TPM 2.0’s Module Library, which allows the reading of 2-byte data after the end of the TPM command. This flaw allows an attacker to leak confidential data stored within the libtpms context.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
发布:
2023-05-09
已更新:
2023-05-09
RHSA-2023:2453 - Security Advisory
- 概述
- 更新的软件包
概述
Moderate: libtpms security update
类型/严重性
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
标题
An update for libtpms is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
描述
The libtpms is a library providing Trusted Platform Module (TPM) functionality for virtual machines.
Security Fix(es):
- tpm: TCG TPM2.0 implementations vulnerable to memory corruption (CVE-2023-1017)
- tpm2: TCG TPM2.0 implementations vulnerable to memory corruption (CVE-2023-1018)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
受影响的产品
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for ARM 64 9 aarch64
修复
- BZ - 2149416 - CVE-2023-1017 tpm: TCG TPM2.0 implementations vulnerable to memory corruption
- BZ - 2149420 - CVE-2023-1018 tpm2: TCG TPM2.0 implementations vulnerable to memory corruption
参考
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
libtpms-0.9.1-3.20211126git1ff6fe1f43.el9_2.src.rpm
SHA-256: 4bb93c710a972d0cf20b4a472852db3f6963b2e5df3777fe0ef362cee5f4c2a9
x86_64
libtpms-0.9.1-3.20211126git1ff6fe1f43.el9_2.i686.rpm
SHA-256: 923ff37192a3e28749633925ae13fe2f5cd3c5f35326bde9f5109f77214e5a22
libtpms-0.9.1-3.20211126git1ff6fe1f43.el9_2.x86_64.rpm
SHA-256: fa3cb1685e93212d1128dbb251744a0ef8a6c574cf4f0af74b73f24bc22cf2f0
libtpms-debuginfo-0.9.1-3.20211126git1ff6fe1f43.el9_2.i686.rpm
SHA-256: 46a9d9c02ccb6eeee11485c4d994887418e49609122449c789f1e2c08f8b6a14
libtpms-debuginfo-0.9.1-3.20211126git1ff6fe1f43.el9_2.x86_64.rpm
SHA-256: a9e97f4a3f74251ef942514d0278bdecbde36b046874d97c454baf827b7c9ddc
libtpms-debugsource-0.9.1-3.20211126git1ff6fe1f43.el9_2.i686.rpm
SHA-256: deef2cae99c7855587369e2cdb32e9d5a53c391b9e4689d4ad47c0602b147eb0
libtpms-debugsource-0.9.1-3.20211126git1ff6fe1f43.el9_2.x86_64.rpm
SHA-256: d0a6f6a9969dcb0d2550701fa743021e08718e1cde8dfc77ea99d28ab0bd48e0
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
libtpms-0.9.1-3.20211126git1ff6fe1f43.el9_2.src.rpm
SHA-256: 4bb93c710a972d0cf20b4a472852db3f6963b2e5df3777fe0ef362cee5f4c2a9
s390x
libtpms-0.9.1-3.20211126git1ff6fe1f43.el9_2.s390x.rpm
SHA-256: c949585144bf04478934dde3859d4b5afa951e56ed5b9cad3076f2434fefe625
libtpms-debuginfo-0.9.1-3.20211126git1ff6fe1f43.el9_2.s390x.rpm
SHA-256: 71d42995d2599ae8ce708bf68f4146b2c6fc177445d0a1a588a2d9d26ef2e2f3
libtpms-debugsource-0.9.1-3.20211126git1ff6fe1f43.el9_2.s390x.rpm
SHA-256: 11e2a8f5890525caecb4ebf050acec70a7df0b8771020716c829d31cbb749cb3
Red Hat Enterprise Linux for ARM 64 9
SRPM
libtpms-0.9.1-3.20211126git1ff6fe1f43.el9_2.src.rpm
SHA-256: 4bb93c710a972d0cf20b4a472852db3f6963b2e5df3777fe0ef362cee5f4c2a9
aarch64
libtpms-0.9.1-3.20211126git1ff6fe1f43.el9_2.aarch64.rpm
SHA-256: ce7c14d0e0a6c823d886bc5b0ffbfe9a70667919655f0a2019e128b09f989a26
libtpms-debuginfo-0.9.1-3.20211126git1ff6fe1f43.el9_2.aarch64.rpm
SHA-256: 3e53b1776c75fcc779b47e18cadcc85f869a83aae79ef2358a3732435499edaf
libtpms-debugsource-0.9.1-3.20211126git1ff6fe1f43.el9_2.aarch64.rpm
SHA-256: 011160b08634db3a63ee98c09e35d3fd47f27f216611a1c2d44d89b7e08be492
Red Hat 安全团队联络方式为 [email protected]。 更多联络细节请参考 https://access.redhat.com/security/team/contact/。
Related news
gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse. - gRPC’s metadata overflow check was performed per frame, so ...
Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.
Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46790: A vulnerability was found in NTFS-3G, specifically in the ntfsck utility. Incorrect validation of NTFS metadata can result in a heap-based buffer overflow when processing a crafted NTFS image file or partition. * CVE-2022-3165: An integer underflow issue was found in the QEMU VNC server while processing ClientCut...
An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1017: An out-of-bounds write vulnerability was found in the TPM 2.0's Module Library, which allows the writing of 2-byte data after the end of the TPM command. This flaw may lead to a denial of service or arbitrary code execution within the libtpms scope. * CVE-2023-1018: An out-of-bound read v...
An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1017: An out-of-bounds write vulnerability was found in the TPM 2.0's Module Library, which allows the writing of 2-byte data after the end of the TPM command. This flaw may lead to a denial of service or arbitrary code execution within the libtpms scope. * CVE-2023-1018: An out-of-bound read v...
Hello everyone! This episode will be about Microsoft Patch Tuesday for March 2023, including vulnerabilities that were added between February and March Patch Tuesdays. Alternative video link (for Russia): https://vk.com/video-149273431_456239119 As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI […]
Microsoft's Patch Tuesday update for March 2023 is rolling out with remediations for a set of 80 security flaws, two of which have come under active exploitation in the wild. Eight of the 80 bugs are rated Critical, 71 are rated Important, and one is rated Moderate in severity. The updates are in addition to 29 flaws the tech giant fixed in its Chromium-based Edge browser in recent weeks. The
Microsoft's Patch Tuesday update for March 2023 is rolling out with remediations for a set of 80 security flaws, two of which have come under active exploitation in the wild. Eight of the 80 bugs are rated Critical, 71 are rated Important, and one is rated Moderate in severity. The updates are in addition to 29 flaws the tech giant fixed in its Chromium-based Edge browser in recent weeks. The
Ubuntu Security Notice 5933-1 - Francisco Falcon discovered that Libtpms did not properly manage memory when performing certain cryptographic operations. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. It was discovered that Libtpms did not properly manage memory when handling certain commands. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 5933-1 - Francisco Falcon discovered that Libtpms did not properly manage memory when performing certain cryptographic operations. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. It was discovered that Libtpms did not properly manage memory when handling certain commands. An attacker could possibly use this issue to cause a denial of service.
A pair of serious security defects has been disclosed in the Trusted Platform Module (TPM) 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017, concerns an out-of-bounds write, while the other, CVE-2023-1018, is described as an out-of-bounds read. Credited with discovering and reporting the
A pair of serious security defects has been disclosed in the Trusted Platform Module (TPM) 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017, concerns an out-of-bounds write, while the other, CVE-2023-1018, is described as an out-of-bounds read. Credited with discovering and reporting the
An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.
An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.
An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.