[USN-5933-1] Libtpms vulnerabilities
Rodrigo Figueiredo Zaiden
rodrigo.zaiden at canonical.com
Tue Mar 7 21:43:48 UTC 2023
==========================================================================
Ubuntu Security Notice USN-5933-1
March 07, 2023
libtpms vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in Libtpms.
Software Description:
- libtpms: TPM emulation library
Details:
Francisco Falcon discovered that Libtpms did not properly manage memory
when performing certain cryptographic operations. An attacker could
possibly use this issue to cause a denial of service, or possibly execute
arbitrary code. (CVE-2023-1017, CVE-2023-1018)
It was discovered that Libtpms did not properly manage memory when
handling certain commands. An attacker could possibly use this issue
to cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
libtpms0 0.9.3-0ubuntu1.22.10.1
Ubuntu 22.04 LTS:
libtpms0 0.9.3-0ubuntu1.22.04.1
After a standard system update you need to restart any application
using Libtpms libraries to make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5933-1
CVE-2023-1017, CVE-2023-1018, https://launchpad.net/bugs/2009608
Package Information:
https://launchpad.net/ubuntu/+source/libtpms/0.9.3-0ubuntu1.22.10.1
https://launchpad.net/ubuntu/+source/libtpms/0.9.3-0ubuntu1.22.04.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20230307/725e7398/attachment-0001.sig>
More information about the ubuntu-security-announce
mailing list