Your message dated Sun, 19 Feb 2023 05:04:00 +0000
with message-id <e1ptbrk-00btu0...@fasolo.debian.org>
and subject line Bug#1029369: fixed in tpm2-tss 3.2.1-3
has caused the Debian Bug report #1029369,
regarding tpm2-tss: CVE-2023-22745
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1029369: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029369
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: tpm2-tss
Version: 3.2.1-2
Severity: normal
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for tpm2-tss.
CVE-2023-22745[0]:
| tpm2-tss is an open source software implementation of the Trusted
| Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack
| (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode`
| both index into `layer_handler` with an 8 bit layer number, but the
| array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to
| add a handler for higher-numbered layers or decode a response code
| with such a layer number reads/writes past the end of the buffer. This
| buffer overrun could result in arbitrary code execution. An example
| attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC.
| Given the common use case of TPM modules an attacker must have local
| access to the target machine with local system privileges which allows
| access to the TPM system. Usually TPM access requires administrative
| privilege.
Given the context, TPM access usually already implying administrative
privilege, I guess we can consider the security impact negligible or at
least minor. Filing the bug mainly for tracking the issue downstream.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-22745
    https://www.cve.org/CVERecord?id=CVE-2023-22745
[1] https://github.com/tpm2-software/tpm2-tss/commit/306490c8d848c367faa2d9df81f5e69dab46ffb5
[2] https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
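A constructed C model of the table lookup the advisory above describes, added here as an illustration; it is not tpm2-tss code and not the upstream fix. The table size, the function names (set_handler_checked, decode_checked) and the layer field position (bits 16..23 of the response code) are assumptions for the example; it shows how the layer extracted from an RC such as 0xFFFFFFFF is bounds-checked before it is used as an index.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: the real library indexes a table named layer_handler
 * sized TPM2_ERROR_TSS2_RC_LAYER_COUNT; LAYER_COUNT here is an assumption. */
#define LAYER_COUNT 16
#define RC_LAYER_SHIFT 16
#define RC_LAYER_MASK 0xFFu

typedef const char *(*rc_handler_fn)(uint32_t rc);

static rc_handler_fn layer_handler[LAYER_COUNT];

/* The layer number is the 8-bit field in bits 16..23 of the response
 * code, so it can take any value 0..255 regardless of the table size. */
unsigned rc_layer(uint32_t rc) {
    return (rc >> RC_LAYER_SHIFT) & RC_LAYER_MASK;
}

/* Unsafe pattern from the advisory (shown for contrast, not executed):
 *   return layer_handler[rc_layer(rc)](rc);
 * With rc = 0xFFFFFFFF the index is 255, far past a LAYER_COUNT table. */

/* Hardened registration: refuse any layer the table cannot hold.
 * Returns 0 on success, -1 when the layer is out of range. */
int set_handler_checked(unsigned layer, rc_handler_fn fn) {
    if (layer >= LAYER_COUNT) return -1;
    layer_handler[layer] = fn;
    return 0;
}

/* Hardened decode: bounds-check before indexing, and treat both unknown
 * layers and layers with no registered handler as "unknown layer". */
const char *decode_checked(uint32_t rc) {
    unsigned layer = rc_layer(rc);
    if (layer >= LAYER_COUNT || layer_handler[layer] == NULL)
        return "unknown layer";
    return layer_handler[layer](rc);
}

/* Constructed handler for layer 0 (the TPM layer in the TSS2 numbering). */
static const char *tpm_layer(uint32_t rc) { (void)rc; return "tpm"; }

int main(void) {
    set_handler_checked(0, tpm_layer);
    printf("%s\n", decode_checked(0x00000100u)); /* layer 0 -> "tpm" */
    printf("%s\n", decode_checked(0xFFFFFFFFu)); /* layer 255 -> rejected */
    return 0;
}
```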
--- Begin Message ---
Source: tpm2-tss
Source-Version: 3.2.1-3
Done: Ying-Chun Liu (PaulLiu) <paul...@debian.org>
We believe that the bug you reported is fixed in the latest version of
tpm2-tss, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1029...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ying-Chun Liu (PaulLiu) <paul...@debian.org> (supplier of updated tpm2-tss
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 19 Feb 2023 12:18:52 +0800
Source: tpm2-tss
Architecture: source
Version: 3.2.1-3
Distribution: unstable
Urgency: low
Maintainer: Mathieu Trudel-Lapierre <cypher...@ubuntu.com>
Changed-By: Ying-Chun Liu (PaulLiu) <paul...@debian.org>
Closes: 1029369
Changes:
tpm2-tss (3.2.1-3) unstable; urgency=low
.
* Backport upstream commit 306490c8d848c367
- Fix CVE-2023-22745 (Closes: #1029369)
--- End Message ---