Advisories ยป MGASA-2021-0590

Updated libtpms/swtpm packages fix security vulnerability

Publication date: 30 Dec 2021
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-3446 , CVE-2021-3505 , CVE-2021-3623 , CVE-2021-3746

Description

CryptSym: fix AES output IV (CVE-2021-3505).
Fixed a context save and suspend/resume problem when public keys are
loaded.
Reset too large size indicators in TPM2B to avoid access beyond buffer
(CVE-2021-3623)
Restore original value in buffer if unmarshalled one was illegal
Fixed out-of-bounds access via specially crafted TPM 2 command packets
(CVE-2021-3746)
Marshal event sequence objects' hash state
                

References

SRPMS

8/core