[ALSA-2021:1627] Moderate: trousers security, bug fix, and enhancement update
Type:
security
Severity:
moderate
Release date:
2023-03-13
Description:
TrouSerS is an implementation of the Trusted Computing Group's Software Stack (TSS) specification. TrouSerS enables the user to write applications that make use of the Trusted Platform Module (TPM) hardware. The following packages have been upgraded to a later upstream version: trousers (0.3.15). (BZ#1725782) Security Fix(es): * trousers: tss user still has read and write access to the /etc/tcsd.conf file if tcsd is started as root (CVE-2020-24331) * trousers: tss user can be used to create or corrupt existing files, this could lead to DoS (CVE-2020-24332) * trousers: fails to drop the root gid privilege when no longer needed (CVE-2020-24330) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 trousers-0.3.15-1.el8.aarch64.rpm 126400510c072ab32fcb9eaf86a7e47a8b1b6e2aa6b1788e7addb2bc5900faf0
aarch64 trousers-lib-0.3.15-1.el8.aarch64.rpm 2b019f87be71acc90cbadb968e0e166880c8c1463d0f25dafb1a1b0586c19993
aarch64 trousers-devel-0.3.15-1.el8.aarch64.rpm ca6f1871fb3f3ad03ef57c20185c282dc74b9dabff65e8f72e250d98a3307f33
i686 trousers-lib-0.3.15-1.el8.i686.rpm 22f8dfd8ec13c10d0c29a9186f4c8b8029347d4f95131d0d4aa3d56b346c4a76
i686 trousers-devel-0.3.15-1.el8.i686.rpm 6caeaeb42292dcdeecace7d08cd46e28096f79028e4203a90abbec86055f1544
ppc64le trousers-lib-0.3.15-1.el8.ppc64le.rpm af480481181857612c5646b7e8f3fe944331f64e1e3ee2b50acd2e1e2575631f
ppc64le trousers-0.3.15-1.el8.ppc64le.rpm ece1a333df54101baffe344def88130cbd248fc50231592e293c3391ad8c53b6
ppc64le trousers-devel-0.3.15-1.el8.ppc64le.rpm f30a26243feb4a11d975853d828c6bd9a3f0dda1779cb6946837e374c46f4b08
x86_64 trousers-lib-0.3.15-1.el8.x86_64.rpm 2842483c72ada955b37d3d7008765d169683c6c6602a31cad4a7dabfe0d6e4d5
x86_64 trousers-lib-0.3.15-1.el8.x86_64.rpm 2842483c72ada955b37d3d7008765d169683c6c6602a31cad4a7dabfe0d6e4d5
x86_64 trousers-0.3.15-1.el8.x86_64.rpm 8e3dac15189762e5ca0f8984d315b78a3d471849af52ee8168d1c7e45a9c0b4c
x86_64 trousers-devel-0.3.15-1.el8.x86_64.rpm da3bfc3f80060dc54f67c3b0e558267a7bc2f1587c99a5ae71a97d7ba5758f91
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.