Package "barbican"

Name:	barbican
Description:	This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group: OpenStack Key Management Service - API Server OpenStack Key Management Service - common files OpenStack Key Management Service - doc OpenStack Key Management Service - Keystone Listener
Latest version:	1:6.0.1-0ubuntu1.2
Release:	bionic (18.04)
Level:	updates
Repository:	main

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Other versions of "barbican" in Bionic

Repository	Area	Version
base	main	1:6.0.0-0ubuntu1
security	main	1:6.0.1-0ubuntu1.2

Packages in group

Deleted packages are displayed in grey.

Changelog

Version: 1:6.0.1-0ubuntu1.2 2022-10-25 14:07:13 UTC

barbican (1:6.0.1-0ubuntu1.2) bionic-security; urgency=medium * SECURITY UPDATE: access policy bypass via query string injection - debian/patches/CVE-2022-3100.patch: don't use contents of query string in barbican/api/controllers/__init__.py. - CVE-2022-3100 -- Marc Deslauriers <email address hidden> Wed, 05 Oct 2022 09:35:33 -0400

Source diff to previous version

CVE-2022-3100

access policy bypass via query string injection

Version: 1:6.0.1-0ubuntu1.1 2022-04-25 16:06:21 UTC

Version: 1:6.0.1-0ubuntu1.1	2022-04-25 16:06:21 UTC
barbican (1:6.0.1-0ubuntu1.1) bionic-security; urgency=medium * SECURITY UPDATE: Access restrictions bypass - debian/patches/CVE-2022-23451.patch: Change access policies to secret metadata in barbican/common/policies/secretmeta.py. Add a new role in barbican/common/policies/base.py and make use of these changes in barbican/api/controllers/__init__.py, barbican/api/controllers/secretmeta.py and barbican/api/controllers/secrets.py. - debian/patches/CVE-2022-23451-post.patch: Change secret policies in barbican/common/policies/secrets.py, add tests in barbican/tests/api/test_resources_policy.py and functionaltests/api/v1/functional/test_secrets_rbac.py and update api guide in api-guide/source/acls.rst. - CVE-2022-23451 * SECURITY UPDATE: Ownership bypass - debian/patches/CVE-2022-23452.patch: Update container secret policies in barbican/common/policies/containers.py and add a new role in barbican/common/policies/base.py. - CVE-2022-23452 -- Rodrigo Figueiredo Zaiden <email address hidden> Thu, 21 Apr 2022 10:52:20 -0300
Source diff to previous version

barbican (1:6.0.1-0ubuntu1.1) bionic-security; urgency=medium * SECURITY UPDATE: Access restrictions bypass - debian/patches/CVE-2022-23451.patch: Change access policies to secret metadata in barbican/common/policies/secretmeta.py. Add a new role in barbican/common/policies/base.py and make use of these changes in barbican/api/controllers/__init__.py, barbican/api/controllers/secretmeta.py and barbican/api/controllers/secrets.py. - debian/patches/CVE-2022-23451-post.patch: Change secret policies in barbican/common/policies/secrets.py, add tests in barbican/tests/api/test_resources_policy.py and functionaltests/api/v1/functional/test_secrets_rbac.py and update api guide in api-guide/source/acls.rst. - CVE-2022-23451 * SECURITY UPDATE: Ownership bypass - debian/patches/CVE-2022-23452.patch: Update container secret policies in barbican/common/policies/containers.py and add a new role in barbican/common/policies/base.py. - CVE-2022-23452 -- Rodrigo Figueiredo Zaiden <email address hidden> Thu, 21 Apr 2022 10:52:20 -0300

Source diff to previous version

Version: 1:6.0.1-0ubuntu1	2018-12-18 23:06:47 UTC
`barbican (1:6.0.1-0ubuntu1) bionic; urgency=medium * d/gbp.conf: Create stable/queens branch. * New stable point release for OpenStack Queens (LP: #1806043). -- Corey Bryant <email address hidden> Mon, 03 Dec 2018 09:15:09 -0500`

About - Send Feedback to @ubuntu_updates

Package "barbican"

Links

Other versions of "barbican" in Bionic

Packages in group

Changelog

Share this page

Bookmarks

Latest updates

updates

security

PPA updates