Home / mailings [SECURITY] [DSA 6104-1] python-keystonemiddleware security update
Posted on 20 January 2026
Debian Security Advisory- -------------------------------------------------------------------------
Debian Security Advisory DSA-6104-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
January 20, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : python-keystonemiddleware
CVE ID : CVE-2026-22797
Grzegorz Grasza discovered a vulnerability in the Openstack middleware to
provide authentication and authorization features to web services other
than Keystone: If an external OAuth provider is configured,
authentication headers are insufficiently sanitised, which could result
in privilege escalation or user impersonation.
The oldstable distribution (bookworm) is not affected.
For the stable distribution (trixie), this problem has been fixed in
version 10.9.0-2+deb13u1.
We recommend that you upgrade your python-keystonemiddleware packages.
For the detailed security status of python-keystonemiddleware please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-keystonemiddleware
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
