File _patchinfo of Package patchinfo.7497

<patchinfo incident="7497">
  <issue id="964408" tracker="bnc">[Miaoli_ X3250M6_Skylake ][OSEnab] The system will auto reboot when select tboot kernel in SLES12</issue>
  <issue id="967441" tracker="bnc">stack overflow in tboot when memory logging is active causes TXT boot to fail</issue>
  <issue id="1068390" tracker="bnc">VUL-0: CVE-2017-16837: tboot: Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by h</issue>
  <issue id="1041264" tracker="bnc">GCC 7: tboot fails to build</issue>
  <issue id="981948" tracker="bnc">SLES12.2Beta1 default kernel without tboot on RD650_MLK</issue>
  <issue id="1067229" tracker="bnc">tboot fails to build with OpenSSL 1.1 on SLE-15</issue>
  <issue id="2017-16837" tracker="cve" />
  <issue id="320665" tracker="FATE" />
  <issue id="321510" tracker="FATE" />
  <issue id="318542" tracker="FATE" />
  <category>security</category>
  <rating>important</rating>
  <packager>mgerstner</packager>
  <description>This update for tboot fixes the following issues:

Security issues fixed:

- CVE-2017-16837: tboot failed to validate a number of immutable function pointers, which could allow an attacker to bypass the chain of trust and execute arbitrary code (boo#1068390).
- Make tboot package compatible with OpenSSL 1.1.0 for SLE-15 support (boo#1067229).

Bug fixes:

- Update to new upstream version.
  See release notes for details (1.9.6; 1.9.5, FATE#321510; 1.9.4, FATE#320665; 1.8.3, FATE#318542):
  * https://sourceforge.net/p/tboot/code/ci/default/tree/CHANGELOG
- Fix some gcc7 warnings that lead to errors. (boo#1041264)
- Fix wrong pvops kernel config matching (boo#981948)
- Fix an excessive stack usage pattern that could lead to resets/crashes (boo#967441)
- Fix a boot issue on Skylake (boo#964408)
- Trim filler words from description; use modern macros over shell vars.
- Add reproducible.patch to call gzip -n to make build fully reproducible.
</description>
  <summary>Security update for tboot</summary>
</patchinfo>