UbuntuUpdates.org

Package "barbican-common"

Name: barbican-common

Description:

OpenStack Key Management Service - common files

Latest version: 1:6.0.1-0ubuntu1.2
Release: bionic (18.04)
Level: updates
Repository: main
Head package: barbican
Homepage: https://github.com/openstack/barbican


Other versions of "barbican-common" in Bionic

Repository  Area  Version
base        main  1:6.0.0-0ubuntu1
security    main  1:6.0.1-0ubuntu1.2

Changelog

Version: 1:6.0.1-0ubuntu1.2 2022-10-25 14:07:13 UTC

  barbican (1:6.0.1-0ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: access policy bypass via query string injection
    - debian/patches/CVE-2022-3100.patch: don't use contents of query
      string in barbican/api/controllers/__init__.py.
    - CVE-2022-3100

 -- Marc Deslauriers <email address hidden> Wed, 05 Oct 2022 09:35:33 -0400

CVE-2022-3100 access policy bypass via query string injection

Version: 1:6.0.1-0ubuntu1.1 2022-04-25 16:06:21 UTC

  barbican (1:6.0.1-0ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Access restrictions bypass
    - debian/patches/CVE-2022-23451.patch: Change access policies to
      secret metadata in barbican/common/policies/secretmeta.py. Add a new
      role in barbican/common/policies/base.py and make use of these changes
      in barbican/api/controllers/__init__.py,
      barbican/api/controllers/secretmeta.py and
      barbican/api/controllers/secrets.py.
    - debian/patches/CVE-2022-23451-post.patch: Change secret policies in
      barbican/common/policies/secrets.py, add tests in
      barbican/tests/api/test_resources_policy.py and
      functionaltests/api/v1/functional/test_secrets_rbac.py and update
      api guide in api-guide/source/acls.rst.
    - CVE-2022-23451
  * SECURITY UPDATE: Ownership bypass
    - debian/patches/CVE-2022-23452.patch: Update container secret policies
      in barbican/common/policies/containers.py and add a new role in
      barbican/common/policies/base.py.
    - CVE-2022-23452

 -- Rodrigo Figueiredo Zaiden <email address hidden> Thu, 21 Apr 2022 10:52:20 -0300


Version: 1:6.0.1-0ubuntu1 2018-12-18 23:06:47 UTC

  barbican (1:6.0.1-0ubuntu1) bionic; urgency=medium

  * d/gbp.conf: Create stable/queens branch.
  * New stable point release for OpenStack Queens (LP: #1806043).

 -- Corey Bryant <email address hidden> Mon, 03 Dec 2018 09:15:09 -0500



