Bug 2150830

Summary: rebase keylime to 6.5.2
Product: Red Hat Enterprise Linux 9 Reporter: Karel Srot <ksrot>
Component: keylimeAssignee: Sergio Correia <scorreia>
Status: CLOSED ERRATA QA Contact: Patrik Koncity <pkoncity>
Severity: medium Docs Contact: Jan Fiala <jafiala>
Priority: unspecified    
Version: 9.0CC: ansasaki, dueno, gfialova, jafiala, pkoncity, scorreia
Target Milestone: rcKeywords: Rebase, Triaged
Target Release: ---Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: keylime-6.5.2-1.el9 Doc Type: Enhancement
Doc Text:
.Keylime rebased to 6.5.2 The `keylime` packages have been rebased to upstream version - keylime-6.5.2-5.el9. This version contains various enhancements and bug fixes, most notably the following: * Addressed vulnerability link:https://nvd.nist.gov/vuln/detail/CVE-2022-3500[CVE-2022-3500] * The Keylime agent no longer fails IMA attestation when one scripts is executed quickly after another link:https://bugzilla.redhat.com/show_bug.cgi?id=2138167[RHBZ#2138167] * Fixed segmentation fault in the `/usr/share/keylime/create_mb_refstate` script link:https://bugzilla.redhat.com/show_bug.cgi?id=2140670[RHBZ#2140670] * Registrar no longer crashes during EK validation when the `require_ek_cert` option is enabled link:https://bugzilla.redhat.com/show_bug.cgi?id=2142009[RHBZ#2142009]
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-05-09 07:45:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2135346, 2138167, 2140670, 2142009    

Description Karel Srot 2022-12-05 11:38:59 UTC 
Description of problem:

Rebase keylime to v6.5.2 in order to pull in the recent fixes and align with upstream test suite.

https://github.com/keylime/keylime/releases/tag/v6.5.2
Comment 2 Sergio Correia 2022-12-05 11:43:31 UTC 
Rebasing to 6.5.2 addresses the following issues:
- CVE-2022-3500
- bz2138167 - agent fails IMA attestation when one scripts is executed quickly after the other
- bz2140670 - Segmentation fault in /usr/share/keylime/create_mb_refstate script
- bz2142009 - Registrar may crash during EK validation when require_ek_cert is enabled
Comment 12 errata-xmlrpc 2023-05-09 07:45:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (keylime bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:2307