-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: keylime security update Advisory ID: RHSA-2022:8444-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:8444 Issue date: 2022-11-15 CVE Names: CVE-2022-3500 ==================================================================== 1. Summary: An update for keylime is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. Security Fix(es): * keylime: exception handling and impedance match in tornado_requests (CVE-2022-3500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2135343 - CVE-2022-3500 keylime: exception handling and impedance match in tornado_requests 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): Source: keylime-6.5.1-1.el9_1.src.rpm aarch64: keylime-6.5.1-1.el9_1.aarch64.rpm keylime-base-6.5.1-1.el9_1.aarch64.rpm keylime-registrar-6.5.1-1.el9_1.aarch64.rpm keylime-tenant-6.5.1-1.el9_1.aarch64.rpm keylime-verifier-6.5.1-1.el9_1.aarch64.rpm python3-keylime-6.5.1-1.el9_1.aarch64.rpm noarch: keylime-selinux-6.5.1-1.el9_1.noarch.rpm ppc64le: keylime-6.5.1-1.el9_1.ppc64le.rpm keylime-base-6.5.1-1.el9_1.ppc64le.rpm keylime-registrar-6.5.1-1.el9_1.ppc64le.rpm keylime-tenant-6.5.1-1.el9_1.ppc64le.rpm keylime-verifier-6.5.1-1.el9_1.ppc64le.rpm python3-keylime-6.5.1-1.el9_1.ppc64le.rpm s390x: keylime-6.5.1-1.el9_1.s390x.rpm keylime-base-6.5.1-1.el9_1.s390x.rpm keylime-registrar-6.5.1-1.el9_1.s390x.rpm keylime-tenant-6.5.1-1.el9_1.s390x.rpm keylime-verifier-6.5.1-1.el9_1.s390x.rpm python3-keylime-6.5.1-1.el9_1.s390x.rpm x86_64: keylime-6.5.1-1.el9_1.x86_64.rpm keylime-base-6.5.1-1.el9_1.x86_64.rpm keylime-registrar-6.5.1-1.el9_1.x86_64.rpm keylime-tenant-6.5.1-1.el9_1.x86_64.rpm keylime-verifier-6.5.1-1.el9_1.x86_64.rpm python3-keylime-6.5.1-1.el9_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-3500 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY3PgttzjgjWX9erEAQiMFBAAqFGbOnWWwPppV6CHR08CPghxuJa8YD4r AGVgVzUnPWOMpV7bJKcTDI8t/+0r8SIomwoXJIlPAnkcPgR+BLnBqyC2FwuIHGuh wfwmYGsocm5+EwlseDjDK0omRiOqjW585euYDf0Iaro2ap5ldMs/0tIwWms0gPxc MY/3WUekGjX+RqRY0at1DWFQQ85s86nsLIVRCn4x/0LBflqYL/QST90y7CY8ygBa zXW4HTodk5w/Ia2wWAzPEbWyePqhnjPBrapN3Us9zYoLSyV5vxedARJMdmyETm9/ 2TmN52GxCmWYg3zyH8wB8oE4eg0Z09GL9ohqZC2VS2Jnxg2kZv38sf/F6/oWrkT1 /ydxzhhuNHpWT/DWHIxlYo0ZTGxwIGDLuWCsJ19ete7+keER8wVfKBEGknP1vtZZ UQlclXBloZS08ZuQz3rG9Fzf3VG9pr+Aqg8vn/PYj5GYofIx43naKLqqwiTEiswG rcp5Qnh9NPYq0J3Na+HK3Qi6MIiZELqw+VVSGrtEzS0gQ4obBbvPvWdGhUnjr8ZY hA7cXUe+9BfsDvrlWtEddFRxhQx8AepYBJQRH5N4/U5DiiIPhrZHKCSoaFeqvRht 3uw4203VyQFqQ64234biv2a2PInl9VGLtAazXkN7EZNI9vF0b761rTRC9A8DGBaP jZAEtCXrst4=sK0f -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce