SUSE-RU-2026:22633-1: moderate: Recommended update for keylime
SLE-UPDATES
null at suse.de
Thu Jul 16 16:35:11 UTC 2026
# Recommended update for keylime
Announcement ID: SUSE-RU-2026:22633-1
Release Date: 2026-07-11T20:40:04Z
Rating: moderate
References:
Affected Products:
* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0
An update that can now be installed.
## Description:
This update for keylime fixes the following issues:
* Update to version 7.14.3:
* tests:
* Verify GET handler race condition fix with unit tests
* Accept both error messages for invalid ECC points
* Fix asyncio.Event() usage in shutdown tests
* fix:
* Handle concurrent agent deletion in verifier GET handler
* Suppress type checker errors for compatibility import in types.py
* Correct [A-z] regex in DM-IMA grammar STRING token
* Update pre-commit isort to 8.0.1 to match tox
* docs:
* Empty refstate skips PCR replay and policy evaluation
* Document qualifying data change for IAK certification in v2.6
* tpm:
* Use only policy's relevant PCRs for event log verification
* Parse TPM2B_NAME with _unpackv instead of fixed-size slice
* Refactor verify_aik_with_iak to use proper TPMS_ATTEST parsing
* elparsing:
* Harden stderr decoding for tpm2_eventlog
* Check tpm2_eventlog exit code instead of stderr
* DB: Increase evidence_items.agent_id column length
* [Automatic] Update Keylime base image (2026-07-02, 2026-06-01)
* CI: Use PR label to disable e2e tests through Packit
* [CI] Split e2e CI testing to fast and full
* api: Bump pull-mode API version to 2.6
* registrar: Fix missing return after error in _bind_ak_to_iak
* Fix mypy error and include runtime deps in test-requirements
* Fix PUSH mode agent status tracking across restarts and recovery
* Preserve FAIL status when timeout fires
* Block PUSH mode FAIL to PASS auto-recovery
* server: Add max_workers config to cap worker process count
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 16.0
zypper in -t patch SUSE-SLES-16.0-1216=1
* SUSE Linux Enterprise Server for SAP applications 16.0
zypper in -t patch SUSE-SLES-16.0-1216=1
## Package List:
* SUSE Linux Enterprise Server 16.0 (noarch)
* keylime-config-7.14.3-160000.1.1
* keylime-tenant-7.14.3-160000.1.1
* keylime-logrotate-7.14.3-160000.1.1
* python313-keylime-7.14.3-160000.1.1
* keylime-registrar-7.14.3-160000.1.1
* keylime-verifier-7.14.3-160000.1.1
* keylime-firewalld-7.14.3-160000.1.1
* keylime-tpm_cert_store-7.14.3-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
* keylime-config-7.14.3-160000.1.1
* keylime-tenant-7.14.3-160000.1.1
* python313-keylime-7.14.3-160000.1.1
* keylime-logrotate-7.14.3-160000.1.1
* keylime-registrar-7.14.3-160000.1.1
* keylime-verifier-7.14.3-160000.1.1
* keylime-firewalld-7.14.3-160000.1.1
* keylime-tpm_cert_store-7.14.3-160000.1.1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20260716/abd80e8d/attachment.htm>
More information about the sle-updates
mailing list