Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 793764 (CVE-2021-3565) - app-crypt/tpm2-tools: tpm2_import uses a fixed AES key for the inner wrapper (CVE-2021-3565)
Summary: app-crypt/tpm2-tools: tpm2_import uses a fixed AES key for the inner wrapper ...
Status: RESOLVED FIXED
Alias: CVE-2021-3565
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL:
Whiteboard: ~4 [noglsa]
Keywords: PullRequest
Depends on:
Blocks:
 
Reported: 2021-06-01 21:40 UTC by Christopher Byrne
Modified: 2021-06-21 22:44 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 John Helmert III gentoo-dev Security 2021-06-02 02:32:40 UTC
Thanks for the report!
Comment 2 John Helmert III gentoo-dev Security 2021-06-20 23:08:26 UTC
Whoops, bungled this bug a bit at first and forgot to CC maintainer.

The fixes are slated for 4.3.2 and 5.1.1. Unfortunately not yet released for some reason.
Comment 3 John Helmert III gentoo-dev Security 2021-06-21 15:25:40 UTC
4.3.2 and 5.1.1 are released, please bump.
Comment 4 Larry the Git Cow gentoo-dev 2021-06-21 22:44:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8578a68b4ad71976a93a013423771b485739e1fa

commit 8578a68b4ad71976a93a013423771b485739e1fa
Author:     Christopher Byrne <salah.coronya@gmail.com>
AuthorDate: 2021-06-21 17:14:28 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-06-21 22:44:18 +0000

    app-crypt/tpm2-tools: Remove old
    
    Bug: https://bugs.gentoo.org/793764
    Package-Manager: Portage-3.0.20, Repoman-3.0.2
    Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/21363
    Signed-off-by: Sam James <sam@gentoo.org>

 app-crypt/tpm2-tools/Manifest                 |  1 -
 app-crypt/tpm2-tools/tpm2-tools-5.0-r1.ebuild | 44 ---------------------------
 2 files changed, 45 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c32180a825c18a528b3fc9552cbfa261462eb971

commit c32180a825c18a528b3fc9552cbfa261462eb971
Author:     Christopher Byrne <salah.coronya@gmail.com>
AuthorDate: 2021-06-21 17:13:58 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-06-21 22:44:17 +0000

    app-crypt/tpm2-tools: Remove old
    
    Bug: https://bugs.gentoo.org/793764
    Package-Manager: Portage-3.0.20, Repoman-3.0.2
    Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-crypt/tpm2-tools/Manifest                |  1 -
 app-crypt/tpm2-tools/tpm2-tools-4.3.1.ebuild | 44 ----------------------------
 2 files changed, 45 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=848547251ea0f10ad40220b7c8e661e31fb2c469

commit 848547251ea0f10ad40220b7c8e661e31fb2c469
Author:     Christopher Byrne <salah.coronya@gmail.com>
AuthorDate: 2021-06-21 17:13:21 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-06-21 22:44:16 +0000

    app-crypt/tpm2-tools: Bump to 5.1.1
    
    Bug: https://bugs.gentoo.org/793764
    Package-Manager: Portage-3.0.20, Repoman-3.0.2
    Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-crypt/tpm2-tools/Manifest                |  1 +
 app-crypt/tpm2-tools/tpm2-tools-5.1.1.ebuild | 41 ++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ee71fdfe9cc9631baacab3bcb5fa47ae2ef13247

commit ee71fdfe9cc9631baacab3bcb5fa47ae2ef13247
Author:     Christopher Byrne <salah.coronya@gmail.com>
AuthorDate: 2021-06-21 15:13:47 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-06-21 22:44:16 +0000

    app-crypt/tpm2-tools: Bump to 4.3.2
    
    Bug: https://bugs.gentoo.org/793764
    Package-Manager: Portage-3.0.20, Repoman-3.0.2
    Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-crypt/tpm2-tools/Manifest                |  1 +
 app-crypt/tpm2-tools/tpm2-tools-4.3.2.ebuild | 44 ++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)
Comment 5 Sam James archtester gentoo-dev Security 2021-06-21 22:44:54 UTC
All done, thanks!