MGASA-2020-0417
- Source
- https://advisories.mageia.org/MGASA-2020-0417.html
- Import Source
- https://advisories.mageia.org/MGASA-2020-0417.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2020-0417
- Related
- Published
- 2020-11-13T21:20:36Z
- Modified
- 2020-11-13T20:35:59Z
- Summary
- Updated tpm2-tss packages fix a security vulnerability
- Details
-
FAPI PolicyPCR not instatiating correctly (CVE-2020-24455).
Note that all TPM object created with a PolicyPCR with the currentPcrs and currentPcrsAndBank options have been created with an incorrect policy that omits PCR checks. All such objects have to be recreated.
The tpm2-tss package has been updated to version 2.4.3, which includes a fix for this issue and several other changes. See the upstream release announcements for details.
- References
-
- https://advisories.mageia.org/MGASA-2020-0417.html
- https://bugs.mageia.org/show_bug.cgi?id=27412
- https://github.com/tpm2-software/tpm2-tss/releases/tag/2.4.3
- https://github.com/tpm2-software/tpm2-tss/releases
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KBRTMYDRPQBDGNADVXGI745WGT2MGVOO/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:7 / tpm2-tss
Package
- Name
- tpm2-tss
- Purl
- pkg:rpm/mageia/tpm2-tss?arch=source&distro=mageia-7