安全公告详情

NS-SA-2025-0110

2025-07-25 16:49:52

简介

moderate: tpm2-tss/gtk2 security update

严重级别

moderate

主题

An update for tpm2-tss/gtk2 is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

tpm2-tss:
gtk2:


Security Fix(es):
tpm2-tss: A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.(CVE-2024-29040)
tpm2-tss: bugfix
gtk2: A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.(CVE-2024-6655)
gtk2: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.03B8.

影响组件

  • tpm2-tss
  • gtk2

影响产品

  • CGSL MAIN 7.02

更新包

{"fix":[{"product":"CGSL MAIN 7.02","pkgs":[{"binary":["tpm2-tss-4.0.1-4.zncgsl7.4.x86_64.rpm","tpm2-tss-devel-4.0.1-4.zncgsl7.4.x86_64.rpm"],"source":"tpm2-tss-4.0.1-4.zncgsl7.4.src.rpm"},{"binary":["gtk2-2.24.33-5.zncgsl7.4.x86_64.rpm","gtk2-devel-docs-2.24.33-5.zncgsl7.4.x86_64.rpm","gtk2-devel-2.24.33-5.zncgsl7.4.x86_64.rpm"],"source":"gtk2-2.24.33-5.zncgsl7.4.src.rpm"}]}]}

CVE

参考