ASA-202106-55 log generated external raw

[ASA-202106-55] tpm2-tools: man-in-the-middle
Arch Linux Security Advisory ASA-202106-55 ========================================== Severity: Low Date : 2021-06-22 CVE-ID : CVE-2021-3565 Package : tpm2-tools Type : man-in-the-middle Remote : No Link : Summary ======= The package tpm2-tools before version 5.1.1-1 is vulnerable to man-in- the-middle. Resolution ========== Upgrade to 5.1.1-1. # pacman -Syu "tpm2-tools>=5.1.1-1" The problem has been fixed upstream in version 5.1.1. Workaround ========== None. Description =========== A security issue was found in tpm2-tools before version 5.1.1. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a man-in-the-middle (MITM) attacker to unwrap the inner portion and reveal the key being imported. Impact ====== A local attacker could disclose the secret portion of a key while it is being imported into the TPM. References ==========