SuSE Local Security Checks : openSUSE: Security Advisory for tboot (openSUSE-SU-2017:3100-1)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.851652

Kategorie: SuSE Local Security Checks

Titel: openSUSE: Security Advisory for tboot (openSUSE-SU-2017:3100-1)

Zusammenfassung: The remote host is missing an update for the 'tboot'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'tboot'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This update for tboot fixes the following issues:

Security issues fixed:

- CVE-2017-16837: Fix tbootfailed to validate a number of immutable
function pointers, which could allow an attacker to bypass the chain of
trust and execute arbitrary code (boo#1068390).

- Make tboot package compatible with OpenSSL 1.1.0 for SLE-15 support
(boo#1067229).

Bug fixes:

- Update to new upstream version. See the referenced release notes for details (1.9.6
1.9.5, FATE#321510 1.9.4, FATE#320665 1.8.3, FATE#318542).

- Fix some gcc7 warnings that lead to errors. (boo#1041264)

- Fix wrong pvops kernel config matching (boo#981948)

- Fix an excessive stack usage pattern that could lead to resets/crashes
(boo#967441)

- fixes a boot issue on Skylake (boo#964408)

- Trim filler words from description use modern macros over shell vars.

- Add reproducible.patch to call gzip -n to make build fully reproducible.

Affected Software/OS:
tboot on openSUSE Leap 42.3, openSUSE Leap 42.2

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-16837

Copyright Copyright (C) 2017 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.851652
Kategorie:	SuSE Local Security Checks
Titel:	openSUSE: Security Advisory for tboot (openSUSE-SU-2017:3100-1)
Zusammenfassung:	The remote host is missing an update for the 'tboot'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'tboot' package(s) announced via the referenced advisory. Vulnerability Insight: This update for tboot fixes the following issues: Security issues fixed: - CVE-2017-16837: Fix tbootfailed to validate a number of immutable function pointers, which could allow an attacker to bypass the chain of trust and execute arbitrary code (boo#1068390). - Make tboot package compatible with OpenSSL 1.1.0 for SLE-15 support (boo#1067229). Bug fixes: - Update to new upstream version. See the referenced release notes for details (1.9.6 1.9.5, FATE#321510 1.9.4, FATE#320665 1.8.3, FATE#318542). - Fix some gcc7 warnings that lead to errors. (boo#1041264) - Fix wrong pvops kernel config matching (boo#981948) - Fix an excessive stack usage pattern that could lead to resets/crashes (boo#967441) - fixes a boot issue on Skylake (boo#964408) - Trim filler words from description use modern macros over shell vars. - Add reproducible.patch to call gzip -n to make build fully reproducible. Affected Software/OS: tboot on openSUSE Leap 42.3, openSUSE Leap 42.2 Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-16837
Copyright	Copyright (C) 2017 Greenbone Networks GmbH