Safety Announcement Details

NS-SA-2024-0065

2024-09-03 09:34:51

Introduction

important: tpm2-tools/vim security update

Severity Level

important

Theme

An update for tpm2-tools/vim is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

Description

tpm2-tools:
vim:


Security Fix(es):
tpm2-tools: A flaw was found in tpm2-tools. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.(CVE-2021-3565)
tpm2-tools: bugfix
vim: A use-after-free vulnerability in vim could allow an attacker to input a specially crafted file leading to memory corruption and a potentially exploitable crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-3796)
vim: A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-3778)
vim: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.F2B12.

Impact Components

  • tpm2-tools
  • vim

Impact Product

  • CGSL MAIN 6.02

Update Package

{"fix":[{"product":"CGSL MAIN 6.02","pkgs":[{"binary":["tpm2-tools-4.1.1-5.el8.x86_64.rpm"],"source":"tpm2-tools-4.1.1-5.el8.src.rpm"},{"binary":["vim-filesystem-8.0.1763-16.el8.noarch.rpm","vim-minimal-8.0.1763-16.el8.x86_64.rpm","vim-common-8.0.1763-16.el8.x86_64.rpm","vim-enhanced-8.0.1763-16.el8.x86_64.rpm"],"source":"vim-8.0.1763-16.el8.src.rpm"}]}]}
CGSL MAIN 6.02
  • tpm2-tools-4.1.1-5.el8.src.rpm
    • tpm2-tools-4.1.1-5.el8.x86_64.rpm
  • vim-8.0.1763-16.el8.src.rpm
    • vim-filesystem-8.0.1763-16.el8.noarch.rpm
    • vim-minimal-8.0.1763-16.el8.x86_64.rpm
    • vim-common-8.0.1763-16.el8.x86_64.rpm
    • vim-enhanced-8.0.1763-16.el8.x86_64.rpm

CVE

Consult

© 2004-2023 Guangdong ZTE NewStart Technology Co., Ltd Copyright 粤ICP备15061780号-2

Hotline:400-033-0108