{"id":"MGASA-2021-0590","summary":"Updated libtpms/swtpm packages fix security vulnerability","details":"CryptSym: fix AES output IV (CVE-2021-3505).\nFixed a context save and suspend/resume problem when public keys are\nloaded.\nReset too large size indicators in TPM2B to avoid access beyond buffer\n(CVE-2021-3623)\nRestore original value in buffer if unmarshalled one was illegal\nFixed out-of-bounds access via specially crafted TPM 2 command packets\n(CVE-2021-3746)\nMarshal event sequence objects' hash state\n","modified":"2026-02-01T07:12:59.607458Z","published":"2021-12-30T16:41:51Z","related":["CVE-2021-3446","CVE-2021-3505","CVE-2021-3623","CVE-2021-3746"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0590.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28882"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NUCZX4S53TUNTSGTCRDNOQZV2V2RI4RJ/"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/46YMIRHQHNKPCVNRVW4W27MFQQU7ZHHV/"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Z7KZSYMTE7Z4BBEZUWO2DIMQDWMGEP46/"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DZI42OR3JUEGWRKEVCOHL2FPTJVYCYBT/"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7UCZ7AV2UKWYYCNZ2NLLXW7QYCX7K337/"},{"type":"REPORT","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/75RD2O2OFCMWPCMY5QMSZRNV5PG5BTS6/"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YVJSXDXD44WDR4VA2XL33IZDJTBGRXP7/"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7E3B6T5RBDKAWETDTW3WPORY3NK5IR46/"}],"affected":[{"package":{"name":"libtpms","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/libtpms?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.1-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0590.json"}},{"package":{"name":"swtpm","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/swtpm?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.7.0-5.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0590.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}