RHEL-140896

Rebase keylime to the latest upstream version


    • keylime-7.14.1-1.el10
    • No
    • Moderate
    • rhel-security-special-projects
    • 26
    • 1
    • False
    • False
    • Yes
    • None
    • Rebase
    • Version: 7.14.1

      List of highlights:
      - Introduced the keylime push model (agent-driven attestation mode), providing enhanced agent-to-verifier communication capabilities
      - Added support for Elliptic Curve Cryptography (ECC) keys (curves P-192, P-224, P-256, P-384, P-521) from the TPM
      - Fixed file descriptor leak in keylime-policy when processing remote RPM repositories
      - Fixed keylime-policy --ima-measurement-list default value handling
      - Security fix for CVE-2025-13609: Fixed registrar vulnerability allowing identity takeover via duplicate UUID registration
      - Security fix for CVE-2026-1709: Fixed authentication bypass in administrative operations by enforcing client authentication
    • Proposed
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      Description

      Rebase the keylime package to the latest upstream version to bring the push model implementation to RHEL 10.2.

      Goal

      The main goal of this rebase is to deliver the keylime push model implementation, which provides enhanced agent-to-verifier communication capabilities.

      Acceptance Criteria

      • Keylime package rebased to a version that includes push model support
      • Push model functionality is available and functional in RHEL 10.2
      • All tests pass with the new version

              scorreia@redhat.com Sergio Correia
              scorreia@redhat.com Sergio Correia
              Sergio Correia
              Karel Srot
              Mirek Jahoda