Описание
Security update for keylime
This update for keylime fixes the following issues:
- CVE-2025-13609: avoid re-registration of clients with same UUID but with different TPM identity (bsc#1254199).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
keylime-agent-6.3.2-150400.4.23.1
keylime-config-6.3.2-150400.4.23.1
keylime-firewalld-6.3.2-150400.4.23.1
keylime-logrotate-6.3.2-150400.4.23.1
keylime-registrar-6.3.2-150400.4.23.1
keylime-tpm_cert_store-6.3.2-150400.4.23.1
keylime-verifier-6.3.2-150400.4.23.1
python3-keylime-6.3.2-150400.4.23.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
keylime-agent-6.3.2-150400.4.23.1
keylime-config-6.3.2-150400.4.23.1
keylime-firewalld-6.3.2-150400.4.23.1
keylime-logrotate-6.3.2-150400.4.23.1
keylime-registrar-6.3.2-150400.4.23.1
keylime-tpm_cert_store-6.3.2-150400.4.23.1
keylime-verifier-6.3.2-150400.4.23.1
python3-keylime-6.3.2-150400.4.23.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
keylime-agent-6.3.2-150400.4.23.1
keylime-config-6.3.2-150400.4.23.1
keylime-firewalld-6.3.2-150400.4.23.1
keylime-logrotate-6.3.2-150400.4.23.1
keylime-registrar-6.3.2-150400.4.23.1
keylime-tpm_cert_store-6.3.2-150400.4.23.1
keylime-verifier-6.3.2-150400.4.23.1
python3-keylime-6.3.2-150400.4.23.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
keylime-agent-6.3.2-150400.4.23.1
keylime-config-6.3.2-150400.4.23.1
keylime-firewalld-6.3.2-150400.4.23.1
keylime-logrotate-6.3.2-150400.4.23.1
keylime-registrar-6.3.2-150400.4.23.1
keylime-tpm_cert_store-6.3.2-150400.4.23.1
keylime-verifier-6.3.2-150400.4.23.1
python3-keylime-6.3.2-150400.4.23.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
keylime-agent-6.3.2-150400.4.23.1
keylime-config-6.3.2-150400.4.23.1
keylime-firewalld-6.3.2-150400.4.23.1
keylime-logrotate-6.3.2-150400.4.23.1
keylime-registrar-6.3.2-150400.4.23.1
keylime-tpm_cert_store-6.3.2-150400.4.23.1
keylime-verifier-6.3.2-150400.4.23.1
python3-keylime-6.3.2-150400.4.23.1
SUSE Linux Enterprise Server 15 SP4-LTSS
keylime-agent-6.3.2-150400.4.23.1
keylime-config-6.3.2-150400.4.23.1
keylime-firewalld-6.3.2-150400.4.23.1
keylime-logrotate-6.3.2-150400.4.23.1
keylime-registrar-6.3.2-150400.4.23.1
keylime-tpm_cert_store-6.3.2-150400.4.23.1
keylime-verifier-6.3.2-150400.4.23.1
python3-keylime-6.3.2-150400.4.23.1
SUSE Linux Enterprise Server 15 SP5-LTSS
keylime-agent-6.3.2-150400.4.23.1
keylime-config-6.3.2-150400.4.23.1
keylime-firewalld-6.3.2-150400.4.23.1
keylime-logrotate-6.3.2-150400.4.23.1
keylime-registrar-6.3.2-150400.4.23.1
keylime-tpm_cert_store-6.3.2-150400.4.23.1
keylime-verifier-6.3.2-150400.4.23.1
python3-keylime-6.3.2-150400.4.23.1
SUSE Linux Enterprise Server 15 SP6-LTSS
keylime-agent-6.3.2-150400.4.23.1
keylime-config-6.3.2-150400.4.23.1
keylime-firewalld-6.3.2-150400.4.23.1
keylime-logrotate-6.3.2-150400.4.23.1
keylime-registrar-6.3.2-150400.4.23.1
keylime-tpm_cert_store-6.3.2-150400.4.23.1
keylime-verifier-6.3.2-150400.4.23.1
python3-keylime-6.3.2-150400.4.23.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
keylime-agent-6.3.2-150400.4.23.1
keylime-config-6.3.2-150400.4.23.1
keylime-firewalld-6.3.2-150400.4.23.1
keylime-logrotate-6.3.2-150400.4.23.1
keylime-registrar-6.3.2-150400.4.23.1
keylime-tpm_cert_store-6.3.2-150400.4.23.1
keylime-verifier-6.3.2-150400.4.23.1
python3-keylime-6.3.2-150400.4.23.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
keylime-agent-6.3.2-150400.4.23.1
keylime-config-6.3.2-150400.4.23.1
keylime-firewalld-6.3.2-150400.4.23.1
keylime-logrotate-6.3.2-150400.4.23.1
keylime-registrar-6.3.2-150400.4.23.1
keylime-tpm_cert_store-6.3.2-150400.4.23.1
keylime-verifier-6.3.2-150400.4.23.1
python3-keylime-6.3.2-150400.4.23.1
SUSE Linux Enterprise Server for SAP Applications 15 SP6
keylime-agent-6.3.2-150400.4.23.1
keylime-config-6.3.2-150400.4.23.1
keylime-firewalld-6.3.2-150400.4.23.1
keylime-logrotate-6.3.2-150400.4.23.1
keylime-registrar-6.3.2-150400.4.23.1
keylime-tpm_cert_store-6.3.2-150400.4.23.1
keylime-verifier-6.3.2-150400.4.23.1
python3-keylime-6.3.2-150400.4.23.1
openSUSE Leap 15.6
keylime-agent-6.3.2-150400.4.23.1
keylime-config-6.3.2-150400.4.23.1
keylime-firewalld-6.3.2-150400.4.23.1
keylime-logrotate-6.3.2-150400.4.23.1
keylime-registrar-6.3.2-150400.4.23.1
keylime-tpm_cert_store-6.3.2-150400.4.23.1
keylime-verifier-6.3.2-150400.4.23.1
python3-keylime-6.3.2-150400.4.23.1
Ссылки
- Link for SUSE-SU-2026:0217-1
- E-Mail link for SUSE-SU-2026:0217-1
- SUSE Security Ratings
- SUSE Bug 1254199
- SUSE CVE CVE-2025-13609 page
Описание
A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:keylime-agent-6.3.2-150400.4.23.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:keylime-config-6.3.2-150400.4.23.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:keylime-firewalld-6.3.2-150400.4.23.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:keylime-logrotate-6.3.2-150400.4.23.1
Ссылки
- CVE-2025-13609
- SUSE Bug 1254199