Security update for libtpms SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:3004-1 Final 1 1 2021-09-09T13:20:49Z current 2021-09-09T13:20:49Z 2021-09-09T13:20:49Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libtpms This update for libtpms fixes the following issues: - CVE-2021-3746: Fixed out-of-bounds access via specially crafted TPM 2 command packets (bsc#1189935). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-SLE-15.3-2021-3004 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/75RD2O2OFCMWPCMY5QMSZRNV5PG5BTS6/ E-Mail link for openSUSE-SU-2021:3004-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1189935 SUSE Bug 1189935 https://www.suse.com/security/cve/CVE-2021-3746/ SUSE CVE CVE-2021-3746 page openSUSE Leap 15.3 libtpms-devel-0.8.2-3.3.1 libtpms0-0.8.2-3.3.1 libtpms-devel-0.8.2-3.3.1 as a component of openSUSE Leap 15.3 libtpms0-0.8.2-3.3.1 as a component of openSUSE Leap 15.3 A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6. CVE-2021-3746 openSUSE Leap 15.3:libtpms-devel-0.8.2-3.3.1 openSUSE Leap 15.3:libtpms0-0.8.2-3.3.1 important 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/75RD2O2OFCMWPCMY5QMSZRNV5PG5BTS6/ https://www.suse.com/security/cve/CVE-2021-3746.html CVE-2021-3746 https://bugzilla.suse.com/1189935 SUSE Bug 1189935