Red Hat Product Errata RHSA-2026:2225 - Security Advisory
Issued:
2026-02-09
Updated:
2026-02-09

RHSA-2026:2225 - Security Advisory

Synopsis

Critical: keylime security update

Type/Severity

Security Advisory: Critical

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for keylime is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution.

Security Fix(es):

  • keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication (CVE-2026-1709)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for ARM 64 10 aarch64

Fixes

  • BZ - 2435514 - CVE-2026-1709 keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication

Red Hat Enterprise Linux for x86_64 10

SRPM
keylime-7.12.1-11.el10_1.4.src.rpm SHA-256: 3d9390a2afc0b69a9032f375a4d4539d6639fdbe5910e8ae6e7377389079c393
x86_64
keylime-7.12.1-11.el10_1.4.x86_64.rpm SHA-256: bb17971d0e60d2ea00c25f535932e10958c624308681730d77dbe441635eb541
keylime-base-7.12.1-11.el10_1.4.x86_64.rpm SHA-256: ddb4b125838d5f605e65d859e96aa7b55a4fbe7de0797b9190d09549d432ee45
keylime-registrar-7.12.1-11.el10_1.4.x86_64.rpm SHA-256: 1dd2b8f6d10e9f1151650f54596c471b52c8c814dc00e7b57090a64e2cc96a35
keylime-selinux-7.12.1-11.el10_1.4.noarch.rpm SHA-256: 980495c95fd966f5296968b9cbdaacfc2e4edc428382e850e1845f4cbd6d8cc0
keylime-tenant-7.12.1-11.el10_1.4.x86_64.rpm SHA-256: 62940e6da39eb3798b6a974b77235a482c0d134f6aabb9596b29d183f1b8a49d
keylime-tools-7.12.1-11.el10_1.4.x86_64.rpm SHA-256: 9b0f46e1a0ba38d5fb644bc1c83fc9f93a110ea0ef97f940f4283d5aa453d97e
keylime-verifier-7.12.1-11.el10_1.4.x86_64.rpm SHA-256: 897bf13a30d74424cb56fe593c473ffe1c6d3b54e62a361e23bb22cbe7122ad8
python3-keylime-7.12.1-11.el10_1.4.x86_64.rpm SHA-256: 8c82d3d1264d08d58cea0e486b4ec636d3594992b337268ed1413f9e6d482e1f

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
keylime-7.12.1-11.el10_1.4.src.rpm SHA-256: 3d9390a2afc0b69a9032f375a4d4539d6639fdbe5910e8ae6e7377389079c393
s390x
keylime-7.12.1-11.el10_1.4.s390x.rpm SHA-256: f8c84e08ae8918eec2a42f49bf88b6caee84b736103bc8f70ed9d2e4ddc885bb
keylime-base-7.12.1-11.el10_1.4.s390x.rpm SHA-256: e67924f7623ee37b3f4c77540b0f516ea74e81cb644ccdd2f0cda28a4e525ae2
keylime-registrar-7.12.1-11.el10_1.4.s390x.rpm SHA-256: ea0f433c93524ba5fced474e8a92d804bb98900388e8049039daba68edca61ac
keylime-selinux-7.12.1-11.el10_1.4.noarch.rpm SHA-256: 980495c95fd966f5296968b9cbdaacfc2e4edc428382e850e1845f4cbd6d8cc0
keylime-tenant-7.12.1-11.el10_1.4.s390x.rpm SHA-256: 69fd1cf181695813775817587460575c7e5b47d1863c394caf58eabaa0c8dbb8
keylime-tools-7.12.1-11.el10_1.4.s390x.rpm SHA-256: 1f80de116066a740578215b3b0a90737643e29c972bea43db7871071b900a662
keylime-verifier-7.12.1-11.el10_1.4.s390x.rpm SHA-256: 103b478c2ecc4baed9c6ed9b102a60e7d372501acf1d9d1645dab9f7a982b61d
python3-keylime-7.12.1-11.el10_1.4.s390x.rpm SHA-256: ef485cbb812333b6119f5879b8e84135315686e9adbf5c9c1417f44515e0b813

Red Hat Enterprise Linux for Power, little endian 10

SRPM
keylime-7.12.1-11.el10_1.4.src.rpm SHA-256: 3d9390a2afc0b69a9032f375a4d4539d6639fdbe5910e8ae6e7377389079c393
ppc64le
keylime-7.12.1-11.el10_1.4.ppc64le.rpm SHA-256: ea7001a1b536d85ee15bbf5fe0716f4e562dd01be08a66141eae21dba299e7df
keylime-base-7.12.1-11.el10_1.4.ppc64le.rpm SHA-256: 633026734c54ea14c608b184e97b5394c9af36653842896d08e87801ab7f082a
keylime-registrar-7.12.1-11.el10_1.4.ppc64le.rpm SHA-256: db43e379b659734a92c482c68081bacd1f4cbb4919419dd2c9f9a438959f8e10
keylime-selinux-7.12.1-11.el10_1.4.noarch.rpm SHA-256: 980495c95fd966f5296968b9cbdaacfc2e4edc428382e850e1845f4cbd6d8cc0
keylime-tenant-7.12.1-11.el10_1.4.ppc64le.rpm SHA-256: 740509162f5133460a1142af1f946b4bb2a066272af7d2a86882dd8c5ab4d429
keylime-tools-7.12.1-11.el10_1.4.ppc64le.rpm SHA-256: 4bbc3b56d9090685ba448fc08cf7d7a25520ce70da569765258a1415c844991f
keylime-verifier-7.12.1-11.el10_1.4.ppc64le.rpm SHA-256: ac05b35d5718987abf84034d65b97d2eb869de58ec5408c0e2a0010f2cd2bbee
python3-keylime-7.12.1-11.el10_1.4.ppc64le.rpm SHA-256: 2a915411fb049df4cda3b6a67ae684b563084c5d423979ffe4a7eea051433694

Red Hat Enterprise Linux for ARM 64 10

SRPM
keylime-7.12.1-11.el10_1.4.src.rpm SHA-256: 3d9390a2afc0b69a9032f375a4d4539d6639fdbe5910e8ae6e7377389079c393
aarch64
keylime-7.12.1-11.el10_1.4.aarch64.rpm SHA-256: d5ef1d39cc7142169f499ecffee950d05c45ecf396830509c7e522efb8ce069d
keylime-base-7.12.1-11.el10_1.4.aarch64.rpm SHA-256: 68fb68d5de1f71882ffa641fe1106efa5967d2c5db9f8dee2e2686f06e5b8ca5
keylime-registrar-7.12.1-11.el10_1.4.aarch64.rpm SHA-256: a19f5f3f43712759a7ad87dc2500811f2fee266dac7971a0cc39d7ed9e398c56
keylime-selinux-7.12.1-11.el10_1.4.noarch.rpm SHA-256: 980495c95fd966f5296968b9cbdaacfc2e4edc428382e850e1845f4cbd6d8cc0
keylime-tenant-7.12.1-11.el10_1.4.aarch64.rpm SHA-256: e4e2cba55e96e45c47ff2913165c319a1a49c5669ed154e6fc3443969db73caa
keylime-tools-7.12.1-11.el10_1.4.aarch64.rpm SHA-256: 6ac0aefb502cc136cf934753b8968e220907ba8ec2d471ec814b29e667201d38
keylime-verifier-7.12.1-11.el10_1.4.aarch64.rpm SHA-256: bc5ce71e17bbc9a6d5fe6f6512efc9c567f705ef496f4cc17e9708ab7c6e8db2
python3-keylime-7.12.1-11.el10_1.4.aarch64.rpm SHA-256: 15c0542a1ef3f2c3527abe9348731f26b0ebc7f7aa4a6b1c9db009ec1f07f033

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.