
openSUSE 16.0: Keylime Critical Issues CVE-2025-1057 2025-20159-1

opensuse
December 14, 2025
Critical security update for openSUSE addresses two significant vulnerabilities in keylime and provides patching instructions.
An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description

This update for keylime fixes the following issues:

Update to version 7.13.0+40.

Security issues fixed:

- CVE-2025-13609: possible agent identity takeover due to registrar allowing the registration of agents with duplicate UUIDs (bsc#1254199).

- CVE-2025-1057: registrar denial-of-service due to backward incompatibility in database type handling (bsc#1237153).

Other issues fixed and changes:

- Version 7.13.0+40:

* Include new attestation information fields (#1818)

* Fix Database race conditions and SQLAlchemy 2.0 compatibility (#1823)

* push-model: require HTTPS for authentication and attestation endpoints

* Fix operational_state tracking in push mode attestations

* templates: add push model authentication config options to 2.5 templates

* Security: Hash authentication tokens in logs

* Fix stale IMA policy cache in verification

* Fix authentication behavior on failed attestations for push mode

* Add shared memory infrastructure for multiprocess communication

...


Patch

Package List

- openSUSE Leap 16.0:

keylime-config-7.13.0+40-160000.1.1

keylime-firewalld-7.13.0+40-160000.1.1

keylime-logrotate-7.13.0+40-160000.1.1

keylime-registrar-7.13.0+40-160000.1.1

keylime-tenant-7.13.0+40-160000.1.1

keylime-tpm_cert_store-7.13.0+40-160000.1.1

keylime-verifier-7.13.0+40-160000.1.1

python313-keylime-7.13.0+40-160000.1.1

References

* bsc#1237153

* bsc#1254199

* https://www.suse.com/security/cve/CVE-2025-1057.html

* https://www.suse.com/security/cve/CVE-2025-13609.html

Severity
critical

Announcement ID: openSUSE-SU-2025-20159-1
Rating: critical
Affected Products: openSUSE Leap 16.0
