====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libtpms security update
Advisory ID:       RHSA-2023:2453-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2453
Issue date:        2023-05-09
CVE Names:         CVE-2023-1017 CVE-2023-1018
====================================================================

1. Summary:

An update for libtpms is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, s390x, x86_64

3. Description:

The libtpms is a library providing Trusted Platform Module (TPM)
functionality for virtual machines.

Security Fix(es):

* tpm: TCG TPM2.0 implementations vulnerable to memory corruption
(CVE-2023-1017)

* tpm2: TCG TPM2.0 implementations vulnerable to memory corruption
(CVE-2023-1018)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 9.2 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2149416 - CVE-2023-1017 tpm: TCG TPM2.0 implementations vulnerable to memory corruption
2149420 - CVE-2023-1018 tpm2: TCG TPM2.0 implementations vulnerable to memory corruption

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:
libtpms-0.9.1-3.20211126git1ff6fe1f43.el9_2.src.rpm

aarch64:
libtpms-0.9.1-3.20211126git1ff6fe1f43.el9_2.aarch64.rpm
libtpms-debuginfo-0.9.1-3.20211126git1ff6fe1f43.el9_2.aarch64.rpm
libtpms-debugsource-0.9.1-3.20211126git1ff6fe1f43.el9_2.aarch64.rpm

s390x:
libtpms-0.9.1-3.20211126git1ff6fe1f43.el9_2.s390x.rpm
libtpms-debuginfo-0.9.1-3.20211126git1ff6fe1f43.el9_2.s390x.rpm
libtpms-debugsource-0.9.1-3.20211126git1ff6fe1f43.el9_2.s390x.rpm

x86_64:
libtpms-0.9.1-3.20211126git1ff6fe1f43.el9_2.i686.rpm
libtpms-0.9.1-3.20211126git1ff6fe1f43.el9_2.x86_64.rpm
libtpms-debuginfo-0.9.1-3.20211126git1ff6fe1f43.el9_2.i686.rpm
libtpms-debuginfo-0.9.1-3.20211126git1ff6fe1f43.el9_2.x86_64.rpm
libtpms-debugsource-0.9.1-3.20211126git1ff6fe1f43.el9_2.i686.rpm
libtpms-debugsource-0.9.1-3.20211126git1ff6fe1f43.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1017
https://access.redhat.com/security/cve/CVE-2023-1018
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce