Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2023.0102
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2023-0102)
Zusammenfassung:	The remote host is missing an update for the 'libtpms' package(s) announced via the MGASA-2023-0102 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'libtpms' package(s) announced via the MGASA-2023-0102 advisory. Vulnerability Insight: An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context. (CVE-2023-1017) An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM. (CVE-2023-1018) Affected Software/OS: 'libtpms' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2023-1017 CERT/CC Advisory VU#782720 https://kb.cert.org/vuls/id/782720 TCG Security Advisories https://trustedcomputinggroup.org/about/security/ TCG TPM2.0 Errata Version 1.4 https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf Common Vulnerability Exposure (CVE) ID: CVE-2023-1018
Copyright	Copyright (C) 2023 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.