Home / mailings

PDF

[USN-1772-1] OpenStack Keystone vulnerability

Posted on 20 March 2013
Ubuntu Security

==========================
==========================
========================
Ubuntu Security Notice USN-1772-1
March 20, 2013

keystone vulnerability
==========================
==========================
========================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10

Summary:

Under certain configurations, Keystone would allow unintended access over=

the network.

Software Description:
- keystone: OpenStack identity service

Details:

Guang Yee discovered that Keystone would not always perform all
verification checks when configured to use PKI. If the keystone server wa=
s
configured to use PKI and services or users requested online verification=
,
an attacker could potentially exploit this to bypass revocation checks.
Keystone uses UUID tokens by default in Ubuntu.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
python-keystone 2012.2.1-0ubuntu1.3

In general, a standard system update will make all the necessary changes.=


References:
http://www.ubuntu.com/usn/usn-1772-1
CVE-2013-1865

Package Information:
https://launchpad.net/ubuntu/+source/keystone/2012.2.1-0ubuntu1.3





------------

 

TOP