SUSE-RU-2026:22633-1: moderate: Recommended update for keylime

SLE-UPDATES null at suse.de
Thu Jul 16 16:35:11 UTC 2026


# Recommended update for keylime

Announcement ID: SUSE-RU-2026:22633-1  
Release Date: 2026-07-11T20:40:04Z  
Rating: moderate  
References:

  
Affected Products:

  * SUSE Linux Enterprise Server 16.0
  * SUSE Linux Enterprise Server for SAP applications 16.0

  
  
An update that can now be installed.

## Description:

This update for keylime fixes the following issues:

  * Update to version 7.14.3:
    * tests:
      * Verify GET handler race condition fix with unit tests
      * Accept both error messages for invalid ECC points
      * Fix asyncio.Event() usage in shutdown tests
    * fix:
      * Handle concurrent agent deletion in verifier GET handler
      * Suppress type checker errors for compatibility import in types.py
      * Correct [A-z] regex in DM-IMA grammar STRING token
      * Update pre-commit isort to 8.0.1 to match tox
    * docs:
      * Empty refstate skips PCR replay and policy evaluation
      * Document qualifying data change for IAK certification in v2.6
    * tpm:
      * Use only policy's relevant PCRs for event log verification
      * Parse TPM2B_NAME with _unpackv instead of fixed-size slice
      * Refactor verify_aik_with_iak to use proper TPMS_ATTEST parsing
    * elparsing:
      * Harden stderr decoding for tpm2_eventlog
      * Check tpm2_eventlog exit code instead of stderr
    * DB: Increase evidence_items.agent_id column length
    * [Automatic] Update Keylime base image (2026-07-02, 2026-06-01)
    * CI: Use PR label to disable e2e tests through Packit
    * [CI] Split e2e CI testing to fast and full
    * api: Bump pull-mode API version to 2.6
    * registrar: Fix missing return after error in _bind_ak_to_iak
    * Fix mypy error and include runtime deps in test-requirements
    * Fix PUSH mode agent status tracking across restarts and recovery
    * Preserve FAIL status when timeout fires
    * Block PUSH mode FAIL to PASS auto-recovery
    * server: Add max_workers config to cap worker process count

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 16.0  
    zypper in -t patch SUSE-SLES-16.0-1216=1

  * SUSE Linux Enterprise Server for SAP applications 16.0  
    zypper in -t patch SUSE-SLES-16.0-1216=1

## Package List:

  * SUSE Linux Enterprise Server 16.0 (noarch)
    * keylime-config-7.14.3-160000.1.1
    * keylime-tenant-7.14.3-160000.1.1
    * keylime-logrotate-7.14.3-160000.1.1
    * python313-keylime-7.14.3-160000.1.1
    * keylime-registrar-7.14.3-160000.1.1
    * keylime-verifier-7.14.3-160000.1.1
    * keylime-firewalld-7.14.3-160000.1.1
    * keylime-tpm_cert_store-7.14.3-160000.1.1
  * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
    * keylime-config-7.14.3-160000.1.1
    * keylime-tenant-7.14.3-160000.1.1
    * python313-keylime-7.14.3-160000.1.1
    * keylime-logrotate-7.14.3-160000.1.1
    * keylime-registrar-7.14.3-160000.1.1
    * keylime-verifier-7.14.3-160000.1.1
    * keylime-firewalld-7.14.3-160000.1.1
    * keylime-tpm_cert_store-7.14.3-160000.1.1

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20260716/abd80e8d/attachment.htm>


More information about the sle-updates mailing list