Описание
Security update for keylime
This update for keylime fixes the following issues:
- CVE-2022-3500: Fixed vulnerability where a node seems as attested when in reality it is not properly attested (bsc#1204782).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP4
keylime-agent-6.3.2-150400.4.14.1
keylime-config-6.3.2-150400.4.14.1
keylime-firewalld-6.3.2-150400.4.14.1
keylime-logrotate-6.3.2-150400.4.14.1
keylime-registrar-6.3.2-150400.4.14.1
keylime-tpm_cert_store-6.3.2-150400.4.14.1
keylime-verifier-6.3.2-150400.4.14.1
python3-keylime-6.3.2-150400.4.14.1
openSUSE Leap 15.4
keylime-agent-6.3.2-150400.4.14.1
keylime-config-6.3.2-150400.4.14.1
keylime-firewalld-6.3.2-150400.4.14.1
keylime-registrar-6.3.2-150400.4.14.1
keylime-tpm_cert_store-6.3.2-150400.4.14.1
keylime-verifier-6.3.2-150400.4.14.1
python3-keylime-6.3.2-150400.4.14.1
Ссылки
- Link for SUSE-SU-2022:4204-1
- E-Mail link for SUSE-SU-2022:4204-1
- SUSE Security Ratings
- SUSE Bug 1204782
- SUSE CVE CVE-2022-3500 page
Описание
A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP4:keylime-agent-6.3.2-150400.4.14.1
SUSE Linux Enterprise Module for Basesystem 15 SP4:keylime-config-6.3.2-150400.4.14.1
SUSE Linux Enterprise Module for Basesystem 15 SP4:keylime-firewalld-6.3.2-150400.4.14.1
SUSE Linux Enterprise Module for Basesystem 15 SP4:keylime-logrotate-6.3.2-150400.4.14.1
Ссылки
- CVE-2022-3500
- SUSE Bug 1204782