Search results

Fedora security update to openstack-keystone
([Security] Posted Apr 7, 2014 16:02 UTC (Mon) by ris )

CVE-2013-6391
- Trustee token revocation does not work with memcache backend CVE-2014-2237
* Wed Oct 30 2013 Alan Pevec <apevec@redhat.com> 2013.1.4-2
- unintentional role granting with Keystone LDAP backend CVE-2013-4477
* Mon Oct 21 2013 Alan Pevec <apevec@redhat.com> 2013.1.4-1
- updated to stable grizzly 2013.1.4 release
* Fri Sep 13 2013 Alan Pevec <apevec@redhat.com> 2013.1.3-2
- Fix token revocation list API CVE-2013-4294
* Mon Aug 12 2013 Alan Pevec <apevec@redhat.com> 2013.1.3-1
- updated to stable grizzly 2013.1.3 release
* Mon Jun 24 2013 Alan Pevec <apevec@redhat.com> 2013.1.2-3
- restrict /var/log/keystone/ rhbz#956814
* Sat Jun 22 2013 Alan Pevec <apevec@redhat.com> 2013.1.2-2
- Force simple Bind for authentication CVE-2013-2157

Fedora security update to openstack-keystone
([Security] Posted Nov 8, 2013 16:26 UTC (Fri) by n8willis )

-2013-20373
2013-10-31 01:57:56
--------------------------------------------------------------------------------

Name        : openstack-keystone
Product     : Fedora 19
Version     : 2013.1.4
Release     : 2.fc19
URL         :  http://keystone.openstack.org/ 
Summary     : OpenStack Identity Service
Description :
Keystone is a Python implementation of the OpenStack
( http://www.openstack.org ) identity service API.

This package contains the Keystone daemon.

--------------------------------------------------------------------------------
Update Information:

update to 2013.1.4 stable/grizzly release
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 30 2013 Alan Pevec <apevec@redhat.com> 2013.1.4-2
- unintentional role granting with Keystone LDAP backend CVE-2013-4477
* Mon Oct 21 2013 Alan Pevec <apevec@redhat.com> 2013.1.4-1
- updated to stable grizzly 2013.1.4 release
* Fri Sep 13 2013 Alan Pevec <apevec@redhat.com> 2013.1.3-2
- Fix token revocation list API CVE-2013-4294
* Mon Aug 12 2013 Alan Pevec <apevec@redhat.com> 2013.1.3-1
- updated to stable grizzly 2013.1.3 release
* Mon Jun 24 2013 Alan Pevec <apevec@redhat.com> 2013.1.2-3
- restrict /var/log/keystone/ rhbz#956814
* Sat Jun 22 2013 Alan Pevec <apevec@redhat.com> 2013.1.2-2
- Force simple Bind for authentication CVE-2013-2157

Fedora security update to openstack-keystone
([Security] Posted Aug 12, 2013 15:58 UTC (Mon) by ris )

CVE-2013-2030
- Revoke tokens on user delete CVE-2013-2059
* Thu Apr 25 2013 Alan Pevec <apevec@redhat.com> 2012.2.4-2
- avoid potential disclosure in log files CVE-2013-2006
- restrict /var/log/keystone/ rhbz#956814
* Thu Apr 11 2013 Alan Pevec <apevec@redhat.com> 2012.2.4-1
- updated to stable folsom release 2012.2.4
* Fri Mar 29 2013 Alan Pevec <apevec@redhat.com> 2012.2.3-5
- Fix online revocation check for PKI tokens CVE-2013-1865
* Mon Mar 11 2013 Alan Pevec <apevec@redhat.com> 2012.2.3-4
- openssl is required for PKI tokens rhbz#918757
* Sat Feb 23 2013 Alan Pevec <apevec@redhat.com> 2012.2.3-3
- ensure user and tenant are enabled CVE-2013-0282
- disable XML entity parsing CVE-2013-1664, CVE-2013-1665
* Fri Feb  8 2013 Alan Pevec <apevec@redhat.com> 2012.2.3-2
- limit parameters and tokens size CVE-2013-0247
* Sat Feb  2 2013 Alan Pevec <apevec@redhat.com> 2012.2.3-1
- updated to stable folsom release 2012.2.3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #965852 - CVE-2013-2104 OpenStack Keystone: Missing expiration check in Keystone PKI token validation
         https://bugzilla.redhat.com/show_bug.cgi?id=965852
  [ 2 ] Bug #971884 - CVE-2013-2157

Fedora security update to openstack-keystone
([Security] Posted Jul 22, 2013 16:13 UTC (Mon) by ris )

CVE-2013-2157
restrict /var/log/keystone/ rhbz#956814
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 24 2013 apevec@redhat.com 2013.1.2-3
- restrict /var/log/keystone/ rhbz#956814
* Sat Jun 22 2013 apevec@redhat.com 2013.1.2-2
- Force simple Bind for authentication CVE-2013-2157
* Fri Jun  7 2013 Alan Pevec <apevec@redhat.com> 2013.1.2-1
- updated to stable grizzly 2013.1.2 release

Red Hat security update to openstack-keystone
([Security] Posted Jul 17, 2013 15:57 UTC (Wed) by ris )

-2013:1083-01] Important: openstack-keystone security update
Date: Tue, 16 Jul 2013 18:31:52 +0000
Message-ID: <201307161831.r6GIVqBr002561@int-mx02.intmail.prod.int.phx2.redhat.com>

  -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openstack-keystone security update
Advisory ID:       RHSA-2013:1083-01
Product:           Red Hat OpenStack
Advisory URL:       https://rhn.redhat.com/errata/RHSA-2013-1083.html 
Issue date:        2013-07-16
CVE Names:         CVE-2013-2157

Red Hat security update to openstack-keystone
([Security] Posted Jun 28, 2013 15:36 UTC (Fri) by n8willis )

-2013:0994-01] Important: openstack-keystone security and bug fix update
Date: Thu, 27 Jun 2013 18:22:49 +0000
Message-ID: <201306271822.r5RIMnAJ012177@int-mx01.intmail.prod.int.phx2.redhat.com>

  -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openstack-keystone security and bug fix update
Advisory ID:       RHSA-2013:0994-01
Product:           Red Hat OpenStack
Advisory URL:       https://rhn.redhat.com/errata/RHSA-2013-0994.html
Issue date:        2013-06-27
CVE Names:         CVE-2013-2157

openSUSE security update to openstack-keystone
([Security] Posted Jun 28, 2013 15:30 UTC (Fri) by n8willis )

CVE-2013-2104 CVE-2013-2157
Affected Products:
                    openSUSE 12.3
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update of openstack-keystone fixes two security
   vulnerabilities.
   - Add CVE-2013-2104.patch: fix missing expiration check in
   Keystone PKI token validation (CVE-2013-2104, bnc#821201)
   - Add CVE-2013-2157.patch: fix authentication bypass

Ubuntu security update to keystone
([Security] Posted Jun 14, 2013 16:14 UTC (Fri) by n8willis )

CVE-2013-2104)

Jose Castro Leon discovered that Keystone did not properly authenticate
users when using the LDAP backend. An attacker could obtain valid tokens
and impersonate other users by supplying an empty password. By default,
Ubuntu does not use the LDAP backend. (CVE-2013-2157)

Update instructions:

The problem

Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds