Impact
The current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable.
Patches
Users should upgrade to at least 6.3.x.
Fix for the Debian packaging can be found here: utkarsh2102/python-keylime#39
Workarounds
After installing an affected version, run a chmod 600 command against the file to restrict its readability.
Note that the SUSE package had this issue already fixed in earlier versions.
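One way to apply and verify the workaround, as an added example that is not part of the advisory or the keylime project. The path to keylime.conf is passed as an argument because the advisory does not state it, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a keylime config file and apply the chmod 600 workaround.
# Usage: sh harden_conf.sh /path/to/keylime.conf   (path supplied by the operator)

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
conf_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if group or other hold any permission bit, 1 if owner-only,
# 2 if the mode could not be read.
conf_is_exposed() {
    mode=$(conf_mode "$1") || return 2
    # Mask the group and other bits of the octal mode.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        return 0
    fi
    return 1
}

# Tighten the file to 600 when it is readable beyond its owner, then verify.
harden_conf() {
    conf=$1
    # chmod follows symlinks, so refuse them rather than change an unknown target.
    if [ -L "$conf" ]; then
        echo "refusing symlink: $conf" >&2
        return 2
    fi
    if [ ! -f "$conf" ]; then
        echo "not a regular file: $conf" >&2
        return 2
    fi
    if conf_is_exposed "$conf"; then
        echo "$conf: mode $(conf_mode "$conf") allows group/other access, applying chmod 600"
        chmod 600 "$conf" || return 2
    fi
    # Re-read the mode so a failed or ineffective chmod is reported.
    if conf_is_exposed "$conf"; then
        echo "$conf: still accessible beyond the owner" >&2
        return 1
    fi
    echo "$conf: mode $(conf_mode "$conf"), owner-only"
}

if [ "$#" -gt 0 ]; then
    harden_conf "$1"
fi
```

A file that is already owner-only (for example mode 400) is left unchanged.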
Credit
Many thanks to Matthias Gerstner for finding this issue and to Alberto Planas for the fix.
For more information
If you have any questions or comments about this advisory: