<div class="container">
    <h1>Security update for tpm2.0-tools, tpm2-0-tss</h1>

    <table class="table table-striped table-bordered">
        <tbody>
        <tr>
            <th>Announcement ID:</th>
            <td>SUSE-SU-2025:20151-1</td>
        </tr>
        <tr>
            <th>Release Date:</th>
            <td>2025-03-18T10:58:11Z</td>
        </tr>
        
        <tr>
            <th>Rating:</th>
            <td>moderate</td>
        </tr>
        <tr>
            <th>References:</th>
            <td>
                <ul>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1223687">bsc#1223687</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1223689">bsc#1223689</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1223690">bsc#1223690</a>
                        </li>
                    
                    
                </ul>
            </td>
        </tr>
        
            <tr>
                <th>
                    Cross-References:
                </th>
                <td>
                    <ul>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2024-29038.html">CVE-2024-29038</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2024-29039.html">CVE-2024-29039</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2024-29040.html">CVE-2024-29040</a>
                        </li>
                    
                    </ul>
                </td>
            </tr>
            <tr>
                <th>CVSS scores:</th>
                <td>
                    <ul class="list-group">
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-29038</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">5.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-29039</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">5.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-29040</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">5.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N</span>
                            </li>
                        
                    </ul>
                </td>
            </tr>
        
        <tr>
            <th>Affected Products:</th>
            <td>
                <ul class="list-group">
                    
                        <li class="list-group-item">SUSE Linux Micro 6.0</li>
                    
                </ul>
            </td>
        </tr>
        </tbody>
    </table>

    <p>An update that solves three vulnerabilities can now be installed.</p>

    


    
        <h2>Description:</h2>
    
    <p>This update for tpm2.0-tools, tpm2-0-tss fixes the following issues:</p>
<p>tpm2-0-tss:
  Update to version 4.1:</p>
<ul>
<li>
<p>Security</p>
<ul>
<li>CVE-2024-29040: arbitrary quote data may go undetected by Fapi_VerifyQuote (bsc#1223690)</li>
</ul>
</li>
</ul>
<ul>
<li>
<p>Fixed</p>
<ul>
<li>fapi: Fix length check on FAPI auth callbacks</li>
<li>mu: Correct error message for errors</li>
<li>tss2-rc: fix unknown layer handler dropping bits.</li>
<li>fapi: Fix deviation from CEL specification (template_value was used instead of template_data).</li>
<li>fapi: Fix json syntax error in FAPI profiles which was ignored by json-c.</li>
<li>build: fix build fail after make clean.</li>
<li>mu: Fix unneeded size check in TPM2B unmarshaling.</li>
<li>fapi: Fix missing parameter encryption.</li>
<li>build: Fix failed build with --disable-vendor.</li>
<li>fapi: Fix flush of persistent handles.</li>
<li>fapi: Fix test provisioning with template with self generated certificate disabled.</li>
<li>fapi: Fix error in Fapi_GetInfo if TPM supports SHA3 hash algs.</li>
<li>fapi: Revert pcr extension for EV_NO_ACTION events.</li>
<li>fapi: Fix strange error messages if nv, ext, or policy path does not exist.</li>
<li>fapi: Fix segfault caused by wrong allocation of pcr policy.</li>
<li>esys: Fix leak in Esys_EvictControl for persistent handles.</li>
<li>tss2-tcti: tcti-libtpms: fix test failure on big-endian platform.</li>
<li>esys: Add reference counting for Esys_TR_FromTPMPublic.</li>
<li>esys: Fix HMAC error if session bind key has an auth value with a trailing 0.</li>
<li>fapi: fix usage of self signed certificates in TPM.</li>
<li>fapi: Usage of self signed certificates.</li>
<li>fapi: A segfault after the error handling of non existing keys.</li>
<li>fapi: Fix several leaks.</li>
<li>fapi: Fix error handling for policy execution.</li>
<li>fapi: Fix usage of persistent handles (should not be flushed)</li>
<li>fapi: Fix test provisioning with template (skip test without self generated certificate).</li>
<li>fapi: Fix pcr extension for EV_NO_ACTION</li>
<li>test: Fix fapi-key-create-policy-signed-keyedhash with P_ECC384 profile</li>
<li>tcti_spi_helper_transmit: ensure FIFO is accessed only after TPM reports commandReady bit is set</li>
<li>fapi: Fix read large system eventlog (> UINT16_MAX).</li>
<li>esys tests: Fix layer check for TPM2_RC_COMMAND_CODE (for /dev/tpmrm0)</li>
<li>test: unit: tcti-libtpms: fix test failed at 32-bit platforms.</li>
<li>fapi: Fix possible null pointer dereferencing in Fapi_List.</li>
<li>sys: Fix size check in Tss2_Sys_GetCapability.</li>
<li>esys: Fix leak in Esys_TR_FromTPMPublic.</li>
<li>esys: fix unchecked return value in esys crypto.</li>
<li>fapi: Fix wrong usage of local variable in provisioning.</li>
<li>fapi: Fix memset 0 in ifapi_json_TPMS_POLICYNV_deserialize.</li>
<li>fapi: Fix possible out of bound array access in IMA parser.</li>
<li>tcti device: Fix possible unmarshalling from uninitialized variable.</li>
<li>fapi: Fix error checking authorization of signing key.</li>
<li>fapi: Fix cleanup of policy sessions.</li>
<li>fapi: Eventlog H-CRTM events and different localities.</li>
<li>fapi: Fix missing synchronization of quote and eventlog.</li>
<li>fapi: Fix invalid free in Fapi_Quote with empty eventlog.</li>
</ul>
</li>
<li>
<p>Added</p>
<ul>
<li>tcti: LetsTrust-TPM2Go TCTI module spi-ltt2go.</li>
<li>mbedtls: add sha512 hmac.</li>
<li>fapi: Enable usage of external keys for Fapi_Encrypt.</li>
<li>fapi: Support download of AMD certificates.</li>
<li>tcti: Add USB TPM (FTDI MPSSE USB to SPI bridge) TCTI module.</li>
<li>fapi: The recreation of primaries (except EK) in the owner hierarchy instead of the endorsement hierarchy is fixed.</li>
<li>rc: New TPM return codes added.</li>
<li>fapi: Further Nuvoton certificates added.</li>
<li>tpm_types/esys: Add support for Attestable TPM changes in latest TPM spec.</li>
<li>tcti: Add &#x27;/dev/tcm0&#x27; to default conf</li>
<li>fapi: New Nuvoton certificates added.</li>
<li>esys: Fix leak in Esys_TR_FromTPMPublic.</li>
</ul>
</li>
<li>
<p>Removed</p>
<ul>
<li>Testing on Ubuntu 18.04 as it&#x27;s near EOL (May 2023).</li>
</ul>
</li>
</ul>
<p>tpm2.0-tools:
  Update to version 5.7:</p>
<ul>
<li>
<p>Security</p>
<ul>
<li>CVE-2024-29038: arbitrary quote data may go undetected by tpm2_checkquote (bsc#1223687)</li>
<li>CVE-2024-29039: pcr selection value is not compared with the attest (bsc#1223689)</li>
</ul>
</li>
<li>
<p>Fixed</p>
<ul>
<li>Fix eventlog test</li>
<li>Fix issues with reading NV indexes</li>
<li>Fix context save error on tpm2_create</li>
<li>tpm2_sessionconfig: fix handling of --disable-continue session so that the subsequent command will not fail when attempting to context save a flushed session.</li>
<li>Fix detection of functions within libcrypto when CRYPTO_LIBS is set and the system has libcrypto installed.</li>
<li>tpm2_send: fix EOF detection on input stream.</li>
<li>tpm2_policy.c: fix compilation error caused by format directive for size_t on 32 bit systems.</li>
<li>tpm2_nvread: fix input handling when no nv index is given.</li>
<li>Auth file: Ensure 0-termination when reading auths from a file.</li>
<li>configure.ac: fix bashisms. configure scripts need to be runnable with a POSIX-compliant /bin/sh.</li>
<li>cirrus.yml: fix tss compilation with libtpms for FreeBSD.</li>
<li>tpm2_tool.c: Fix missing include for basename to enable compilation on NetBSD.</li>
<li>options: fix TCTI handling to avoid failures for commands that should work with no options.</li>
<li>tpm2_getekcertificate.c: Fix leak. ek_uri was not freed if get_ek_server_address failed.</li>
</ul>
</li>
<li>
<p>Added</p>
<ul>
<li>Add the possibility for autoflush (environment variable "TPM2TOOLS_AUTOFLUSH", or -R option)</li>
</ul>
</li>
<li>
<p>Removed</p>
<ul>
<li>Testing on Ubuntu 18.04 as it&#x27;s near EOL (May 2023).</li>
</ul>
</li>
</ul>
<ul>
<li>Update to version 5.6
<ul>
<li>tpm2_eventlog:
<ul>
<li>add H-CRTM event support</li>
<li>add support of efivar versions less than 38</li>
<li>Add support to check for efivar/efivar.h manually</li>
<li>Minor formatting fixes</li>
<li>add support for replay with different StartupLocality</li>
<li>Fix pcr extension for EV_NO_ACTION</li>
<li>Extend test of yaml string representation</li>
<li>Use helper for printing a string dump</li>
<li>Fix upper bound on unique data size</li>
<li>Fix YAML string formatting</li>
</ul>
</li>
<li>tpm2_policy:
<ul>
<li>Add support for parsing forward seal TPM values</li>
<li>Use forward seal values in creating policies</li>
<li>Move dgst_size in evaluate_populate_pcr_digests()</li>
<li>Allow more than 8 PCRs for sealing</li>
<li>Make __wrap_Esys_PCR_Read() more dynamic to enable testing more PCRs</li>
</ul>
</li>
<li>tpm2_encryptdecrypt: Fix pkcs7 padding stripping</li>
<li>tpm2_duplicate:
<ul>
<li>Support -a option for attributes</li>
<li>Add --key-algorithm option</li>
</ul>
</li>
<li>tpm2_encodeobject: Use the correct -O option instead of -C</li>
<li>tpm2_unseal: Add qualifier static to enhance the privacy of unseal function</li>
<li>tpm2_sign:
<ul>
<li>Remove -m option which was added mistakenly</li>
<li>Revert sm2 sign and verifysignature</li>
</ul>
</li>
<li>tpm2_createek:
<ul>
<li>Correct man page example</li>
<li>Fix usage of nonce</li>
<li>Fix integrating nonce</li>
</ul>
</li>
<li>tpm2_clear: add more details about the action</li>
<li>tpm2_startauthsession: allow the file attribute for policy authorization.</li>
<li>tpm2_getekcertificate: Add AMD EK support</li>
<li>tpm2_ecdhzgen: Add public-key parameter</li>
<li>tpm2_nvreadpublic: Prevent free of unallocated pointers on failure</li>
<li>Bug-fixes:
<ul>
<li>The readthedocs build failed with "module &#x27;jinja2&#x27; has no attribute &#x27;contextfilter&#x27;"; a requirements file was added to fix this problem</li>
<li>An error caused by the flags -flto -D_FORTIFY_SOURCE=3 in the kdfa implementation. This error can be avoided by switching off the optimization with a pragma</li>
<li>Changed wrong function name of "Esys_Load" to "Esys_Load"</li>
<li>Function names beginning with Esys_ are wrongly written as Eys_</li>
<li>Reading and writing serialized persistent ESYS_TR handles</li>
<li>cirrus-ci: update image-family to freebsd-13-2 from 13-1</li>
</ul>
</li>
<li>misc:
<ul>
<li>Change the default Python version to Python3 in the helper&#x27;s code</li>
<li>Skip test which uses the sign operator for comparison in abrmd_policynv.sh</li>
<li>tools/tr_encode: Add a tool that can encode serialized ESYS_TR for persistent handles from the TPM2B_PUBLIC and the raw persistent TPM2_HANDLE</li>
<li>Add safe directory in config</li>
</ul>
</li>
</ul>
</li>
</ul>
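<p>The three CVEs above (CVE-2024-29038 and CVE-2024-29039 in tpm2_checkquote, CVE-2024-29040 in Fapi_VerifyQuote) share one defect class: a quote verifier that checks the signature and nonce but never compares the PCR selection and PCR digest inside the signed attest against what it was asked to verify. The following Python is an added illustration written for this page, not code from tpm2-tools or tpm2-tss. It models the verifier's checks, not the TPM wire format: the attest is a dict serialised as canonical JSON, an HMAC under the constructed key <code>AK_KEY</code> stands in for the attestation key's signature, and the names <code>make_quote</code>, <code>verify_quote_weak</code> and <code>verify_quote</code> are hypothetical. The weak verifier accepts any genuinely signed quote with the right nonce, including one over other PCRs or drifted PCR values; the hardened one rejects both.</p>

```python
"""Quote verification: weak versus hardened checks (constructed illustration).

A TPM quote binds a caller-supplied nonce (extraData), a PCR selection and a
digest of the selected PCR values under the attestation key's signature.  A
verifier that checks only the signature and nonce can be handed a genuine,
correctly signed quote over a different PCR selection or different PCR
contents and accept it.  This file models those checks; the encoding and the
HMAC 'signature' are stand-ins, not the TPM2B_ATTEST wire format.
"""
import hashlib
import hmac
import json
from typing import Dict, List, Tuple

# Constructed stand-in for the attestation key (hypothetical value).
AK_KEY = b"constructed-attestation-key"


def serialize(attest: dict) -> bytes:
    """Canonical byte form of the attest structure (constructed encoding)."""
    return json.dumps(attest, sort_keys=True, separators=(",", ":")).encode()


def pcr_digest(selection: List[int], pcr_values: Dict[int, bytes]) -> bytes:
    """SHA-256 over the selected PCR values concatenated in ascending index
    order, mirroring how a TPM derives the pcrDigest field of a quote."""
    return hashlib.sha256(b"".join(pcr_values[i] for i in sorted(selection))).digest()


def sign(attest: dict) -> bytes:
    """HMAC standing in for the asymmetric signature the TPM would produce."""
    return hmac.new(AK_KEY, serialize(attest), hashlib.sha256).digest()


def make_quote(nonce: bytes, selection: List[int],
               pcr_values: Dict[int, bytes]) -> Tuple[dict, bytes]:
    """Model of TPM2_Quote: build the attest structure and sign it."""
    attest = {
        "extraData": nonce.hex(),
        "pcrSelect": sorted(selection),
        "pcrDigest": pcr_digest(selection, pcr_values).hex(),
    }
    return attest, sign(attest)


def verify_quote_weak(attest: dict, sig: bytes, nonce: bytes) -> bool:
    """Verifier pattern of the defect class: signature and nonce only.
    The PCR selection and digest the caller cares about are never compared
    against the attest, so any genuine quote with the right nonce passes."""
    if not hmac.compare_digest(sign(attest), sig):
        return False
    return hmac.compare_digest(bytes.fromhex(attest["extraData"]), nonce)


def verify_quote(attest: dict, sig: bytes, nonce: bytes,
                 expected_selection: List[int],
                 expected_pcrs: Dict[int, bytes]) -> bool:
    """Hardened verifier: signature, nonce, PCR selection and PCR digest."""
    if not hmac.compare_digest(sign(attest), sig):
        return False                                  # not signed by the AK
    if not hmac.compare_digest(bytes.fromhex(attest["extraData"]), nonce):
        return False                                  # stale or replayed quote
    if attest["pcrSelect"] != sorted(expected_selection):
        return False                                  # quote covers other PCRs
    want = pcr_digest(expected_selection, expected_pcrs)
    if not hmac.compare_digest(bytes.fromhex(attest["pcrDigest"]), want):
        return False                                  # PCR contents differ
    return True


def demo() -> Dict[str, Tuple[bool, bool]]:
    """Run constructed scenarios; each value is (weak_result, strict_result)."""
    nonce = bytes(range(16))                          # constructed fresh nonce
    pcrs = {0: hashlib.sha256(b"firmware").digest(),  # constructed PCR values
            7: hashlib.sha256(b"secure boot").digest()}
    drifted = {**pcrs, 7: hashlib.sha256(b"secure boot disabled").digest()}
    results = {}

    a, s = make_quote(nonce, [0, 7], pcrs)            # honest quote, as expected
    results["matching"] = (verify_quote_weak(a, s, nonce),
                           verify_quote(a, s, nonce, [0, 7], pcrs))
    a, s = make_quote(nonce, [0], pcrs)               # genuine quote, other PCRs
    results["other_selection"] = (verify_quote_weak(a, s, nonce),
                                  verify_quote(a, s, nonce, [0, 7], pcrs))
    a, s = make_quote(nonce, [0, 7], drifted)         # genuine quote, PCR 7 changed
    results["drifted_pcrs"] = (verify_quote_weak(a, s, nonce),
                               verify_quote(a, s, nonce, [0, 7], pcrs))
    a, s = make_quote(b"\x00" * 16, [0, 7], pcrs)     # quote for a different nonce
    results["stale_nonce"] = (verify_quote_weak(a, s, nonce),
                              verify_quote(a, s, nonce, [0, 7], pcrs))
    return results


if __name__ == "__main__":
    for name, (weak, strict) in demo().items():
        print(f"{name:16s} weak={weak!s:5s} strict={strict}")
```

<p>The verifier must derive the expected PCR digest from PCR values it obtained independently (a reference measurement or a separately read PCR set) rather than from anything inside the quote, and it must compare the selection field as well as the digest: a quote over a subset of the PCRs carries a perfectly valid digest for that subset.</p>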



    

    <h2>Patch Instructions:</h2>
<p>
        To install this SUSE update use the SUSE recommended
        installation methods like YaST online_update or "zypper patch".<br/>

        Alternatively you can run the command listed for your product:
    </p>
    <ul class="list-group">
        
            <li class="list-group-item">
                SUSE Linux Micro 6.0
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLE-Micro-6.0-250=1</code>
                    
                    
                
            </li>
        
    </ul>

    <h2>Package List:</h2>
    <ul>
        
            
                <li>
                    SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
                    <ul>
                        
                            <li>libtss2-tcti-spidev0-4.1.0-1.1</li>
                        
                            <li>tpm2.0-tools-5.7-1.1</li>
                        
                            <li>libefivar1-debuginfo-38-3.1</li>
                        
                            <li>libtss2-tcti-device0-4.1.0-1.1</li>
                        
                            <li>tpm2-0-tss-4.1.0-1.1</li>
                        
                            <li>libtss2-esys0-4.1.0-1.1</li>
                        
                            <li>tpm2-0-tss-debugsource-4.1.0-1.1</li>
                        
                            <li>tpm2.0-tools-debuginfo-5.7-1.1</li>
                        
                            <li>libtss2-sys1-4.1.0-1.1</li>
                        
                            <li>tpm2.0-tools-debugsource-5.7-1.1</li>
                        
                            <li>libtss2-rc0-4.1.0-1.1</li>
                        
                            <li>libtss2-tctildr0-4.1.0-1.1</li>
                        
                            <li>libtss2-fapi-common-4.1.0-1.1</li>
                        
                            <li>libtss2-rc0-debuginfo-4.1.0-1.1</li>
                        
                            <li>libtss2-esys0-debuginfo-4.1.0-1.1</li>
                        
                            <li>libefivar1-38-3.1</li>
                        
                            <li>libtss2-fapi1-debuginfo-4.1.0-1.1</li>
                        
                            <li>libtss2-tcti-spidev0-debuginfo-4.1.0-1.1</li>
                        
                            <li>libtss2-tctildr0-debuginfo-4.1.0-1.1</li>
                        
                            <li>libtss2-fapi1-4.1.0-1.1</li>
                        
                            <li>libtss2-tcti-spi-helper0-4.1.0-1.1</li>
                        
                            <li>libtss2-mu0-4.1.0-1.1</li>
                        
                            <li>libtss2-tcti-spi-helper0-debuginfo-4.1.0-1.1</li>
                        
                            <li>libtss2-sys1-debuginfo-4.1.0-1.1</li>
                        
                            <li>libtss2-mu0-debuginfo-4.1.0-1.1</li>
                        
                            <li>efivar-debugsource-38-3.1</li>
                        
                            <li>libtss2-tcti-device0-debuginfo-4.1.0-1.1</li>
                        
                    </ul>
                </li>
            
        
    </ul>

    
        <h2>References:</h2>
        <ul>
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2024-29038.html">https://www.suse.com/security/cve/CVE-2024-29038.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2024-29039.html">https://www.suse.com/security/cve/CVE-2024-29039.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2024-29040.html">https://www.suse.com/security/cve/CVE-2024-29040.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1223687">https://bugzilla.suse.com/show_bug.cgi?id=1223687</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1223689">https://bugzilla.suse.com/show_bug.cgi?id=1223689</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1223690">https://bugzilla.suse.com/show_bug.cgi?id=1223690</a>
                    </li>
                
            
        </ul>
    
</div>