keylime-6.5.2-6.el9.ML.1

Errata ID: AXSA:2023-6400:04

Release date: 
Wednesday, September 20, 2023 - 04:52
Subject: 
keylime-6.5.2-6.el9.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

Keylime is a TPM-based, highly scalable remote boot attestation and runtime integrity measurement solution.

Security Fix(es):

* keylime: registrar is subject to a DoS against SSL connections (CVE-2023-38200)
* Keylime: challenge-response protocol bypass during agent registration (CVE-2023-38201)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-38200
A flaw was found in Keylime. Because its SSL connections are blocking, the Keylime registrar is subject to a remote denial of service against those connections. This flaw allows an attacker to exhaust all available connections.
CVE-2023-38201
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. keylime-6.5.2-6.el9.ML.1.src.rpm
    MD5: df67a93e630090632279d92deb397891
    SHA-256: b3dc8b8cd3abcf6b42f935ef703b579524d9964658912c9d586a054c7db2d7ae
    Size: 9.33 MB

Asianux Server 9 for x86_64
  1. keylime-6.5.2-6.el9.ML.1.x86_64.rpm
    MD5: 10d6f50322203e76e1c7d53ac2ae3db1
    SHA-256: 54064f96696fde3b297f00c6aabe09446339709e3bb28d8e92e4d5e559fc49d5
    Size: 13.04 kB
  2. keylime-base-6.5.2-6.el9.ML.1.x86_64.rpm
    MD5: c33de805a7e34468f67715efd6f932c9
    SHA-256: 47d3e25d493610289d51c6e32b1305b1905e0818be9b1ff64988fea514abcb75
    Size: 59.15 kB
  3. keylime-registrar-6.5.2-6.el9.ML.1.x86_64.rpm
    MD5: 8f69c03f62c8eba1a8d9072a152e0072
    SHA-256: 11b7f8165a7796336b3cff6e7d40be7802ebc38248ac3b6344c2837599474c43
    Size: 16.06 kB
  4. keylime-selinux-6.5.2-6.el9.ML.1.noarch.rpm
    MD5: ecf27cd9ea198d758b713e63901862ca
    SHA-256: ff6a394a0fc25803a8b2ae01e6e3b9eb58e58e21a588def48ab204bb872b8984
    Size: 23.08 kB
  5. keylime-tenant-6.5.2-6.el9.ML.1.x86_64.rpm
    MD5: e3580cfec36eb54eb69dee0d96763297
    SHA-256: 996efb64ea070d43dbad47cc25343c52fb464d966d09871d5fa43a1b4d52a108
    Size: 15.67 kB
  6. keylime-verifier-6.5.2-6.el9.ML.1.x86_64.rpm
    MD5: 1397bb5455bbb3811a87f8b0bc942117
    SHA-256: c6954eeb17722e9f863c1eddb90cea9ddb649f787c750fcdc42292357949b1d4
    Size: 17.87 kB
  7. python3-keylime-6.5.2-6.el9.ML.1.x86_64.rpm
    MD5: ba46dff616a34880fc1a6192c3a6a11b
    SHA-256: 3ee9b36aa24812d38e3dfe0177790438ba490fe48433763eb86dd71d2532bf55
    Size: 339.00 kB