ALSA-2024:9424

[ALSA-2024:9424] Low: tpm2-tools security update

Type:

security

Severity:

low

Release date:

2024-11-18

Description:

The tpm2-tools packages add a set of utilities for management and utilization of Trusted Platform Module (TPM) 2.0 devices from user space.  

Security Fix(es):  

  * tpm2-tools: arbitrary quote data may go undetected by tpm2_checkquote (CVE-2024-29038)
  * tpm2-tools: pcr selection value is not compared with the attest (CVE-2024-29039)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  

Additional Changes:  

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	tpm2-tools-5.2-4.el9.aarch64.rpm	3d5a6ed11c2f5cfc5b2ba111328c9ebc26be995d74fc22c86c91b2f25230815e
ppc64le	tpm2-tools-5.2-4.el9.ppc64le.rpm	0c3b0317a0601c1f4a3ec00f4d1fc5c43aed038c108186945818e4c5ed46667b
s390x	tpm2-tools-5.2-4.el9.s390x.rpm	e0cdc78f76cba3ef269818c6b6292c691219f4950f57bbadba82fbb4d077ef04
x86_64	tpm2-tools-5.2-4.el9.x86_64.rpm	c4a45b22f276d641b74b615f53bf3c55383d22dc6cdc42a51c7146a0c99522cd

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.