Security update for tboot SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:3100-1 Final 1 1 2017-11-25T19:58:43Z current 2017-11-25T19:58:43Z 2017-11-25T19:58:43Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for tboot This update for tboot fixes the following issues: Security issues fixed: - CVE-2017-16837: Fix tbootfailed to validate a number of immutable function pointers, which could allow an attacker to bypass the chain of trust and execute arbitrary code (boo#1068390). - Make tboot package compatible with OpenSSL 1.1.0 for SLE-15 support (boo#1067229). Bug fixes: - Update to new upstream version. See release notes for details (1.9.6; 1.9.5, FATE#321510; 1.9.4, FATE#320665; 1.8.3, FATE#318542): * https://sourceforge.net/p/tboot/code/ci/default/tree/CHANGELOG - Fix some gcc7 warnings that lead to errors. (boo#1041264) - Fix wrong pvops kernel config matching (boo#981948) - Fix a excessive stack usage pattern that could lead to resets/crashes (boo#967441) - fixes a boot issue on Skylake (boo#964408) - Trim filler words from description; use modern macros over shell vars. - Add reproducible.patch to call gzip -n to make build fully reproducible. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2017-11/msg00039.html E-Mail link for openSUSE-SU-2017:3100-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 openSUSE Leap 42.3 tboot-20170711_1.9.6-7.1 tboot-20170711_1.9.6-7.1 as a component of openSUSE Leap 42.2 tboot-20170711_1.9.6-7.1 as a component of openSUSE Leap 42.3 Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers. CVE-2017-16837 openSUSE Leap 42.2:tboot-20170711_1.9.6-7.1 openSUSE Leap 42.3:tboot-20170711_1.9.6-7.1 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-11/msg00039.html https://www.suse.com/security/cve/CVE-2017-16837.html CVE-2017-16837 https://bugzilla.suse.com/1068390 SUSE Bug 1068390 https://bugzilla.suse.com/889339 SUSE Bug 889339