RLSA-2024:1139

Published: May 10, 2024
Source: rocky
Severity: Low

Description

Low: keylime security update

Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution.

Security Fix(es):

  • keylime: Attestation failure when the quote's signature does not validate (CVE-2023-3674)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

  • Rocky Linux 9

| Name | Architecture | Release | RPM |
| keylime | x86_64 | 13.el9_3 | keylime-7.3.0-13.el9_3.x86_64.rpm |
| keylime-base | x86_64 | 13.el9_3 | keylime-base-7.3.0-13.el9_3.x86_64.rpm |
| keylime-registrar | x86_64 | 13.el9_3 | keylime-registrar-7.3.0-13.el9_3.x86_64.rpm |
| keylime-selinux | noarch | 13.el9_3 | keylime-selinux-7.3.0-13.el9_3.noarch.rpm |
| keylime-tenant | x86_64 | 13.el9_3 | keylime-tenant-7.3.0-13.el9_3.x86_64.rpm |
| keylime-verifier | x86_64 | 13.el9_3 | keylime-verifier-7.3.0-13.el9_3.x86_64.rpm |
| python3-keylime | x86_64 | 13.el9_3 | python3-keylime-7.3.0-13.el9_3.x86_64.rpm |

Related vulnerabilities

CVSS3: 2.3
redhat
about 2 years ago

A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.

CVSS3: 2.3
nvd
about 2 years ago

A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.

CVSS3: 2.3
github
about 2 years ago

keylime fails to flag device as untrusted when signature does not validate

oracle-oval
more than 1 year ago

ELSA-2024-1139: keylime security update (LOW)