Описание
Security update for keylime
This update for keylime fixes the following issues:
- Update to version 7.14.0+0 (CVE-2026-1709, bsc#1257895):
- CVE-2026-1709: Fixed an authentication bypass which may allow unauthorized administrative operations due to missing client-side TLS authentication. (bsc#1257895)
Список пакетов
openSUSE Leap 16.0
keylime-config-7.14.0+0-160000.1.1
keylime-firewalld-7.14.0+0-160000.1.1
keylime-logrotate-7.14.0+0-160000.1.1
keylime-registrar-7.14.0+0-160000.1.1
keylime-tenant-7.14.0+0-160000.1.1
keylime-tpm_cert_store-7.14.0+0-160000.1.1
keylime-verifier-7.14.0+0-160000.1.1
python313-keylime-7.14.0+0-160000.1.1
Ссылки
- SUSE Security Ratings
- SUSE Bug 1257895
- SUSE CVE CVE-2026-1709 page
Описание
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.
Затронутые продукты
openSUSE Leap 16.0:keylime-config-7.14.0+0-160000.1.1
openSUSE Leap 16.0:keylime-firewalld-7.14.0+0-160000.1.1
openSUSE Leap 16.0:keylime-logrotate-7.14.0+0-160000.1.1
openSUSE Leap 16.0:keylime-registrar-7.14.0+0-160000.1.1
Ссылки
- CVE-2026-1709
- SUSE Bug 1257895