Updated tpm2-tools package fixes security vulnerability
Publication date: 16 Jul 2021Type: security
Affected Mageia releases : 8
CVE: CVE-2021-3565
Description
A flaw was found in tpm2-tools. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality (CVE-2021-3565).
References
SRPMS
8/core
- tpm2-tools-5.0-1.1.mga8