GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Wed Jul 07, 2021 9:26 am Post subject: [ GLSA 202107-10 ] TCG TPM2 Software Stack |
 |
|
Gentoo Linux Security Advisory
Title: TCG TPM2 Software Stack: Information disclosure (GLSA 202107-10)
Severity: normal
Exploitable: local
Date: 2021-07-07
Bug(s): #746563
ID: 202107-10
Synopsis
A bug in TCG TPM2 Software Stack may result in information
disclosure to a local attacker.
Background
TCG TPM2 Software Stack is a library to interface with trusted platform
modules.
Affected Packages
Package: app-crypt/tpm2-tss
Vulnerable: < 2.4.3
Unaffected: >= 2.4.3
Architectures: All supported architectures
Description
TCG TPM2 Software Stack did not appropriately apply FAPI policies to
protect data encrypted with the trusted platform module.
Impact
Data encrypted using TCG TPM2 Software Stack (tpm2-tss) may not be
protected from an attacker.
Workaround
There is no known workaround at this time.
Resolution
All tpm2-tss users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/tpm2-tss-2.4.3"
|
References
CVE-2020-24455 |
|
News & Announcements
