- Bug
- Resolution: Done-Errata
- Normal
- rhel-9.6
- None
- keylime-7.3.0-15.el9
- Yes
- Moderate
- 1
- rhel-security-special-projects
- ssg_security
- 27
- 2
- QE ack, Dev ack
- False
- False
- Yes
- SECENGSP Cycle 14
- Pass
- Enabled
- Automated
- Release Note Not Required
- Covered by RHEL-78313
- All
- None
What were you trying to do that didn't work?
This error is due to python-requests update:
- Fri Jan 10 2025 Lumír Balhar <lbalhar@redhat.com> - 2.25.1-9
- Security fix for CVE-2024-35195
Resolves: RHEL-37609
A consequence of this fix is that keylime revocation notifier gets broken.
We have already encountered this issue on RHEL-10 https://issues.redhat.com/browse/RHEL-45478 but in the end had to fix/workaround it in keylime.
This is now the same issue on RHEL-9.
What is the impact of this issue to you?
Revocation notifier cannot connect over TLS.
Please provide the package NVR for which the bug is seen:
keylime-7.3.0-13.el9_3.x86_64
python3-requests-2.25.1-9.el9.noarch
How reproducible is this bug?:
always
Steps to reproduce
- with keylime /functional/basic-attestation-with-custom-certificates test
Expected results
TLS connection works
Actual results
TLS connection doesn't work
- links to
- RHBA-2025:145682 keylime update