Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2026-2225

Опубликовано: 09 фев. 2026
Источник: oracle-oval
Платформа: Oracle Linux 10

Описание

ELSA-2026-2225: keylime security update (CRITICAL)

[7.12.1-16]

  • CVE-2026-1709: Registrar authentication bypass

[7.12.1-15]

  • Registrar allows identity takeover via duplicate UUID registration

[7.12.1-14]

  • Properly fix malformed TPM certificates workaround

[7.12.1-13]

  • Avoid opening /dev/stdout when printing

[7.12.1-12]

  • Fix malformed TPM certificates workaround

Обновленные пакеты

Oracle Linux 10

Oracle Linux aarch64

keylime

7.12.1-11.el10_1.4

keylime-base

7.12.1-11.el10_1.4

keylime-registrar

7.12.1-11.el10_1.4

keylime-selinux

7.12.1-11.el10_1.4

keylime-tenant

7.12.1-11.el10_1.4

keylime-tools

7.12.1-11.el10_1.4

keylime-verifier

7.12.1-11.el10_1.4

python3-keylime

7.12.1-11.el10_1.4

Oracle Linux x86_64

keylime

7.12.1-11.el10_1.4

keylime-base

7.12.1-11.el10_1.4

keylime-registrar

7.12.1-11.el10_1.4

keylime-selinux

7.12.1-11.el10_1.4

keylime-tenant

7.12.1-11.el10_1.4

keylime-tools

7.12.1-11.el10_1.4

keylime-verifier

7.12.1-11.el10_1.4

python3-keylime

7.12.1-11.el10_1.4

Связанные CVE

CVE-2026-1709

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2026-1709

CVSS3: 9.4
ubuntu
около 2 месяцев назад

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.

redhat логотип

CVE-2026-1709

CVSS3: 9.4
redhat
около 2 месяцев назад

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.

nvd логотип

CVE-2026-1709

CVSS3: 9.4
nvd
около 2 месяцев назад

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.

rocky логотип

RLSA-2026:2225

rocky
около 2 месяцев назад

Critical: keylime security update

rocky логотип

RLSA-2026:2224

rocky
около 2 месяцев назад

Critical: keylime security update