RHEL-78418

Rebase keylime in RHEL 9.7 to at least 7.12.x


    • Bug
    • Resolution: Done-Errata
    • Major
    • rhel-9.7
    • rhel-9.6
    • keylime
    • keylime-7.12.1-2.el9
    • No
    • Important
    • Rebase
    • 2
    • rhel-security-special-projects
    • ssg_security
    • 18
    • 5
    • Dev ack
    • False
    • False
    • Yes
    • Red Hat Enterprise Linux
    • SECENGSP Cycle 20, SECENGSP Cycle 21
    • Rebase
    • .Keylime rebased to version 7.12.1

      The Keylime packages have been rebased to upstream version 7.12.1. The most important fixes and enhancements include:

      * Implemented a security fix for CVE-2025-1057, which addresses a vulnerability of the registrar component when updated to version 7.12.0.
      * Added support for named measured boot policies, which makes policy organization easier.
      * Fixed resource handling in webhook operations.
      * Fixed certificate generation to follow the X.509 v3 certificate and X.509 v2 certificate revocation list (CRL) standards according to RFC 5280.
    • Done
    • Done
    • Done
    • None

      Keylime in RHEL 9.x is a bit old (mostly due to RHEL-9 having python 3.9 and it being incompatible with some recent upstream changes in Keylime) and it would be interesting to have a newer version, ideally, the same one we have in RHEL-10, so we would have the same set of features/fixes available.

              scorreia@redhat.com Sergio Correia
              scorreia@redhat.com Sergio Correia
              Sergio Correia
              Karel Srot
              Zuzana Fantini Zoubkova
              Votes: 0
              Watchers: 12
