This update for keylime fixes the following issue:
- CVE-2026-6420: use of hardcoded challenge nonce for TPM quote attestation allows for security bypass (bsc#1264265).
Changes for keylime:
- Update to version 7.14.2.
Patch instructions:
To install this openSUSE security update, use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0:
zypper in -t patch openSUSE-Leap-16.0-1037=1
- openSUSE Leap 16.0:
keylime-config-7.14.2-160000.1.1
keylime-firewalld-7.14.2-160000.1.1
keylime-logrotate-7.14.2-160000.1.1
keylime-registrar-7.14.2-160000.1.1
keylime-tenant-7.14.2-160000.1.1
keylime-tpm_cert_store-7.14.2-160000.1.1
keylime-verifier-7.14.2-160000.1.1
python313-keylime-7.14.2-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2026-6420.html
* bsc#1264265