Описание
ELSA-2023-5080: keylime security update (MODERATE)
[6.5.2-6]
- Fix registrar is subject to a DoS against SSL (CVE-2023-38200) Resolves: rhbz#2222694
- Fix challenge-protocol bypass during agent registration (CVE-2023-38201) Resolves: rhbz#2222695
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
keylime
6.5.2-6.el9_2
keylime-base
6.5.2-6.el9_2
keylime-registrar
6.5.2-6.el9_2
keylime-selinux
6.5.2-6.el9_2
keylime-tenant
6.5.2-6.el9_2
keylime-verifier
6.5.2-6.el9_2
python3-keylime
6.5.2-6.el9_2
Oracle Linux x86_64
keylime
6.5.2-6.el9_2
keylime-base
6.5.2-6.el9_2
keylime-registrar
6.5.2-6.el9_2
keylime-selinux
6.5.2-6.el9_2
keylime-tenant
6.5.2-6.el9_2
keylime-verifier
6.5.2-6.el9_2
python3-keylime
6.5.2-6.el9_2
Связанные CVE
Связанные уязвимости
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.
A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections.
A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections.