Updated tpm2-tss packages fix security vulnerability

🗓️ 14 Feb 2023 22:43:23Reported by Gentoo FoundationType

Updated tpm2-tss packages fix security vulnerability. Tss2_RC_SetHandler and Tss2_RC_Decode index into layer_handler with an 8-bit layer number, causing buffer overflow (CVE-2023-22745

Reporter	Title	Published	Views	Family All 117
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)	27 May 202523:25	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in tpm2-tss library (CVE-2023-22745) affects Power HMC.	10 Sep 202415:20	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps	28 Feb 202417:18	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insights 1.6.12 addresses multiple security vulnerabilities.	2 Apr 202411:06	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities affect IBM Robotic Process Automation for Cloud Pak.	16 Jan 202419:45	–	ibm
Tenable Nessus	Amazon Linux 2023 : tpm2-tss, tpm2-tss-devel (ALAS2023-2023-110)	21 Mar 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0006: tpm2-tss (ALINUX3-SA-2024:0006)	14 May 202500:00	–	nessus
Tenable Nessus	CentOS 8 : tpm2-tss (CESA-2023:7166)	14 Nov 202300:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : tpm2-tss (EulerOS-SA-2023-1773)	8 May 202300:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : tpm2-tss (EulerOS-SA-2023-1795)	7 May 202300:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Mageia	8	any	tpm2-tss	3.2.2-1	tpm2-tss-3.2.2-1.noarch.rpm

Source	Link
bugs	www.bugs.mageia.org/show_bug.cgi
lists	www.lists.fedoraproject.org/archives/list/[email protected]/thread/GDNOV2RNQ7XMOQZ3PV7PHYP2FMJHV2AB/
github	www.github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67

14 Feb 2023 22:43Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.16.4

EPSS0.00519

SSVC