Lucene search
Copyright (C) 2024 Greenbone AGOPENVAS:1361412562310856130HistoryMay 13, 2024 - 12:00 a.m.
openSUSE: Security Advisory for tpm2 (SUSE-SU-2024:1605-1)
2024-05-1300:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
3
opensuse leap 15.3
tpm2
cve-2024-29040
update
package
vulnerability
solution
greenbone ag
4.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
7.5 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.2%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.856130");
script_version("2024-05-16T05:05:35+0000");
script_cve_id("CVE-2024-29040");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_tag(name:"last_modification", value:"2024-05-16 05:05:35 +0000 (Thu, 16 May 2024)");
script_tag(name:"creation_date", value:"2024-05-13 01:00:44 +0000 (Mon, 13 May 2024)");
script_name("openSUSE: Security Advisory for tpm2 (SUSE-SU-2024:1605-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=openSUSELeap15\.3");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2024:1605-1");
script_xref(name:"URL", value:"https://lists.opensuse.org/archives/list/[email protected]/thread/NQB7GA33FZRMPC5SNOUTSV5S2KVNDQEJ");
script_tag(name:"summary", value:"The remote host is missing an update for the 'tpm2'
package(s) announced via the SUSE-SU-2024:1605-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for tpm2-0-tss fixes the following issues:
* CVE-2024-29040: Fixed quote data validation by Fapi_VerifyQuote
(bsc#1223690).
##");
script_tag(name:"affected", value:"'tpm2' package(s) on openSUSE Leap 15.3.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "openSUSELeap15.3") {
if(!isnull(res = isrpmvuln(pkg:"libtss2-sys0", rpm:"libtss2-sys0~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-esys0", rpm:"libtss2-esys0~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tcti-device0-debuginfo", rpm:"libtss2-tcti-device0-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"tpm2-0-tss-debugsource", rpm:"tpm2-0-tss-debugsource~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-fapi0-debuginfo", rpm:"libtss2-fapi0-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-sys0-debuginfo", rpm:"libtss2-sys0-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tctildr0-debuginfo", rpm:"libtss2-tctildr0-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"tpm2-0-tss-devel", rpm:"tpm2-0-tss-devel~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"tpm2-0-tss", rpm:"tpm2-0-tss~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-rc0", rpm:"libtss2-rc0~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-rc0-debuginfo", rpm:"libtss2-rc0-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-esys0-debuginfo", rpm:"libtss2-esys0-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tcti-mssim0", rpm:"libtss2-tcti-mssim0~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tcti-device0", rpm:"libtss2-tcti-device0~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-mu0-debuginfo", rpm:"libtss2-mu0-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tcti-mssim0-debuginfo", rpm:"libtss2-tcti-mssim0-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-fapi0", rpm:"libtss2-fapi0~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tctildr0", rpm:"libtss2-tctildr0~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-mu0", rpm:"libtss2-mu0~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tcti-device0-32bit", rpm:"libtss2-tcti-device0-32bit~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-esys0-32bit", rpm:"libtss2-esys0-32bit~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tcti-mssim0-32bit", rpm:"libtss2-tcti-mssim0-32bit~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tcti-mssim0-32bit-debuginfo", rpm:"libtss2-tcti-mssim0-32bit-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-sys0-32bit", rpm:"libtss2-sys0-32bit~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-sys0-32bit-debuginfo", rpm:"libtss2-sys0-32bit-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-mu0-32bit", rpm:"libtss2-mu0-32bit~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-esys0-32bit-debuginfo", rpm:"libtss2-esys0-32bit-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-mu0-32bit-debuginfo", rpm:"libtss2-mu0-32bit-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tcti-device0-32bit-debuginfo", rpm:"libtss2-tcti-device0-32bit-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tcti-device0-64bit-debuginfo", rpm:"libtss2-tcti-device0-64bit-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-esys0-64bit", rpm:"libtss2-esys0-64bit~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-mu0-64bit-debuginfo", rpm:"libtss2-mu0-64bit-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-esys0-64bit-debuginfo", rpm:"libtss2-esys0-64bit-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-mu0-64bit", rpm:"libtss2-mu0-64bit~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tcti-mssim0-64bit-debuginfo", rpm:"libtss2-tcti-mssim0-64bit-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-sys0-64bit-debuginfo", rpm:"libtss2-sys0-64bit-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tcti-mssim0-64bit", rpm:"libtss2-tcti-mssim0-64bit~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tcti-device0-64bit", rpm:"libtss2-tcti-device0-64bit~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-sys0-64bit", rpm:"libtss2-sys0-64bit~2.4.5~150300.3.9.1##", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-sys0", rpm:"libtss2-sys0~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-esys0", rpm:"libtss2-esys0~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tcti-device0-debuginfo", rpm:"libtss2-tcti-device0-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"tpm2-0-tss-debugsource", rpm:"tpm2-0-tss-debugsource~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-fapi0-debuginfo", rpm:"libtss2-fapi0-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-sys0-debuginfo", rpm:"libtss2-sys0-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tctildr0-debuginfo", rpm:"libtss2-tctildr0-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"tpm2-0-tss-devel", rpm:"tpm2-0-tss-devel~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"tpm2-0-tss", rpm:"tpm2-0-tss~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-rc0", rpm:"libtss2-rc0~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-rc0-debuginfo", rpm:"libtss2-rc0-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-esys0-debuginfo", rpm:"libtss2-esys0-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tcti-mssim0", rpm:"libtss2-tcti-mssim0~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tcti-device0", rpm:"libtss2-tcti-device0~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-mu0-debuginfo", rpm:"libtss2-mu0-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tcti-mssim0-debuginfo", rpm:"libtss2-tcti-mssim0-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-fapi0", rpm:"libtss2-fapi0~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tctildr0", rpm:"libtss2-tctildr0~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-mu0", rpm:"libtss2-mu0~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tcti-device0-32bit", rpm:"libtss2-tcti-device0-32bit~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-esys0-32bit", rpm:"libtss2-esys0-32bit~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tcti-mssim0-32bit", rpm:"libtss2-tcti-mssim0-32bit~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tcti-mssim0-32bit-debuginfo", rpm:"libtss2-tcti-mssim0-32bit-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-sys0-32bit", rpm:"libtss2-sys0-32bit~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-sys0-32bit-debuginfo", rpm:"libtss2-sys0-32bit-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-mu0-32bit", rpm:"libtss2-mu0-32bit~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-esys0-32bit-debuginfo", rpm:"libtss2-esys0-32bit-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-mu0-32bit-debuginfo", rpm:"libtss2-mu0-32bit-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tcti-device0-32bit-debuginfo", rpm:"libtss2-tcti-device0-32bit-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tcti-device0-64bit-debuginfo", rpm:"libtss2-tcti-device0-64bit-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-esys0-64bit", rpm:"libtss2-esys0-64bit~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-mu0-64bit-debuginfo", rpm:"libtss2-mu0-64bit-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-esys0-64bit-debuginfo", rpm:"libtss2-esys0-64bit-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-mu0-64bit", rpm:"libtss2-mu0-64bit~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tcti-mssim0-64bit-debuginfo", rpm:"libtss2-tcti-mssim0-64bit-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-sys0-64bit-debuginfo", rpm:"libtss2-sys0-64bit-debuginfo~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tcti-mssim0-64bit", rpm:"libtss2-tcti-mssim0-64bit~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-tcti-device0-64bit", rpm:"libtss2-tcti-device0-64bit~2.4.5~150300.3.9.1", rls:"openSUSELeap15.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtss2-sys0-64bit", rpm:"libtss2-sys0-64bit~2.4.5~150300.3.9.1##", rls:"openSUSELeap15.3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
mageia
mageia
Updated tpm2-tss packages fix security vulnerabilities
2024-05-09 05:40:29
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0171)
2024-05-09 00:00:00
openSUSE: Security Advisory for tpm2 (SUSE-SU-2024:1635-1)
2024-05-24 00:00:00
Ubuntu: Security Advisory (USN-6796-1)
2024-05-30 00:00:00
ubuntucve
ubuntucve
CVE-2024-29040
2024-04-30 00:00:00
alpinelinux
alpinelinux
CVE-2024-29040
2024-06-28 21:15:02
debiancve
debiancve
CVE-2024-29040
2024-06-28 21:15:02
cvelist
cvelist
vulnrichment
vulnrichment
cve
cve
CVE-2024-29040
2024-06-28 21:15:02
redhatcve
redhatcve
CVE-2024-29040
2024-05-01 07:28:52
nvd
nvd
CVE-2024-29040
2024-06-28 21:15:02
osv
osv
tpm2-tss vulnerabilities
2024-05-28 22:05:15
ubuntu
ubuntu
TPM2 Software Stack vulnerabilities
2024-05-29 00:00:00
nessus
nessus
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : TPM2 Software Stack vulnerabilities (USN-6796-1)
2024-05-29 00:00:00
Fedora 39 : tpm2-tools / tpm2-tss (2024-4512dc54af)
2024-05-14 00:00:00
Fedora 38 : tpm2-tools / tpm2-tss (2024-3265d70b61)
2024-05-14 00:00:00
redos
redos
ROS-20240611-02
2024-06-11 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: tpm2-tools-5.7-1.fc40
2024-05-02 01:58:38
[SECURITY] Fedora 38 Update: tpm2-tss-4.0.2-1.fc38
2024-05-14 01:33:17
[SECURITY] Fedora 39 Update: tpm2-tss-4.0.2-1.fc39
2024-05-14 03:28:24
4.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
7.5 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.2%
Related for OPENVAS:1361412562310856130