Security update for tpm2-0-tss

Announcement ID:	SUSE-SU-2024:1605-1
Rating:	moderate
References:	bsc#1223690
Cross-References:	CVE-2024-29040
CVSS scores:	CVE-2024-29040 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products:	openSUSE Leap 15.3

An update that solves one vulnerability can now be installed.

Description:

This update for tpm2-0-tss fixes the following issues:

CVE-2024-29040: Fixed quote data validation by Fapi_VerifyQuote (bsc#1223690).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

openSUSE Leap 15.3
zypper in -t patch SUSE-2024-1605=1

Package List:

openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
- libtss2-sys0-2.4.5-150300.3.9.1
- libtss2-esys0-2.4.5-150300.3.9.1
- libtss2-tcti-device0-debuginfo-2.4.5-150300.3.9.1
- tpm2-0-tss-debugsource-2.4.5-150300.3.9.1
- libtss2-fapi0-debuginfo-2.4.5-150300.3.9.1
- libtss2-sys0-debuginfo-2.4.5-150300.3.9.1
- libtss2-tctildr0-debuginfo-2.4.5-150300.3.9.1
- tpm2-0-tss-devel-2.4.5-150300.3.9.1
- tpm2-0-tss-2.4.5-150300.3.9.1
- libtss2-rc0-2.4.5-150300.3.9.1
- libtss2-rc0-debuginfo-2.4.5-150300.3.9.1
- libtss2-esys0-debuginfo-2.4.5-150300.3.9.1
- libtss2-tcti-mssim0-2.4.5-150300.3.9.1
- libtss2-tcti-device0-2.4.5-150300.3.9.1
- libtss2-mu0-debuginfo-2.4.5-150300.3.9.1
- libtss2-tcti-mssim0-debuginfo-2.4.5-150300.3.9.1
- libtss2-fapi0-2.4.5-150300.3.9.1
- libtss2-tctildr0-2.4.5-150300.3.9.1
- libtss2-mu0-2.4.5-150300.3.9.1
openSUSE Leap 15.3 (x86_64)
- libtss2-tcti-device0-32bit-2.4.5-150300.3.9.1
- libtss2-esys0-32bit-2.4.5-150300.3.9.1
- libtss2-tcti-mssim0-32bit-2.4.5-150300.3.9.1
- libtss2-tcti-mssim0-32bit-debuginfo-2.4.5-150300.3.9.1
- libtss2-sys0-32bit-2.4.5-150300.3.9.1
- libtss2-sys0-32bit-debuginfo-2.4.5-150300.3.9.1
- libtss2-mu0-32bit-2.4.5-150300.3.9.1
- libtss2-esys0-32bit-debuginfo-2.4.5-150300.3.9.1
- libtss2-mu0-32bit-debuginfo-2.4.5-150300.3.9.1
- libtss2-tcti-device0-32bit-debuginfo-2.4.5-150300.3.9.1
openSUSE Leap 15.3 (aarch64_ilp32)
- libtss2-tcti-device0-64bit-debuginfo-2.4.5-150300.3.9.1
- libtss2-esys0-64bit-2.4.5-150300.3.9.1
- libtss2-mu0-64bit-debuginfo-2.4.5-150300.3.9.1
- libtss2-esys0-64bit-debuginfo-2.4.5-150300.3.9.1
- libtss2-mu0-64bit-2.4.5-150300.3.9.1
- libtss2-tcti-mssim0-64bit-debuginfo-2.4.5-150300.3.9.1
- libtss2-sys0-64bit-debuginfo-2.4.5-150300.3.9.1
- libtss2-tcti-mssim0-64bit-2.4.5-150300.3.9.1
- libtss2-tcti-device0-64bit-2.4.5-150300.3.9.1
- libtss2-sys0-64bit-2.4.5-150300.3.9.1

Security update for tpm2-0-tss

Description:

Patch Instructions:

Package List:

References: