Package "keystone"
Name: |
keystone
|
Description: |
OpenStack identity service - Daemons
|
Latest version: |
2012.1.3+stable-20130423-f48dd0fc-0ubuntu1.1 |
Release: |
precise (12.04) |
Level: |
updates |
Repository: |
main |
Homepage: |
http://launchpad.net/keystone |
Links
Download "keystone"
Other versions of "keystone" in Precise
Packages in group
Deleted packages are displayed in grey.
Changelog
keystone (2012.1+stable~20120824-a16a0ab9-0ubuntu2.2) precise-security; urgency=low
* SECURITY UPDATE: Pre-existing tokens continue to be valid after
granting or revoking a user's access (LP: #1041396)
- debian/patches/keystone-CVE-2012-4413.patch: invalidate all user
tokens upon role grant/revoke
- CVE-2012-4413
-- Steve Beattie <email address hidden> Wed, 12 Sep 2012 09:47:55 -0700
|
Source diff to previous version |
1041396 |
Token validation includes revoked roles (CVE-2012-4413) |
CVE-2012-4413 |
openstack revoking a role does not affect existing tokens |
|
keystone (2012.1+stable~20120824-a16a0ab9-0ubuntu2.1) precise-security; urgency=low
* SECURITY UPDATE: tenants are able to be added to users without
authorization (LP: #1040626)
- debian/patches/keystone-CVE-2012-3542: require authz to update a
user's tenant.
- CVE-2012-3542
-- Steve Beattie <email address hidden> Thu, 30 Aug 2012 15:10:26 -0700
|
Source diff to previous version |
1040626 |
Update user's default tenant partially succeeds without authz |
|
keystone (2012.1+stable~20120824-a16a0ab9-0ubuntu2) precise-proposed; urgency=low
* New upstream release (LP: #1041120):
- debian/patches/0013-Flush-tenant-membership-deletion-before-user.patch:
Dropped.
* Resynchronize with stable/essex:
- authenticate in ldap backend doesn't return a list of roles
(LP: #1035428)
- LDAP should not check username on "sn" field (LP: #997700)
- Admin API doesn't valid token. (LP: #1006815, #1006822)
- Memcache token backend eventually stops working. (LP: #1012381)
- EC2 credentials not migrated from legacy (diablo) database. (LP: #1016056)
- Deleting tenants or users does not cleanup metadata. (LP: #973243)
- Deleting tenants does not cleanup its user associations. (LP: #974199)
- TokenNotFound not raised in testsuite beacuse of timezone issues. (LP: #983800)
- Token authentication for a user in a disabled tenant does not raise
Unauthorized error. (LP: #988920)
- export_legacy_catalog doesn't convert url names correctly. (LP: #994936)
- Following a password compromise and subsequent password change,
tokens remain valid. (LP: #996595)
- Tokens remain valid after a user account is disabled. (LP: #997194)
-- Adam Gandelman <email address hidden> Fri, 24 Aug 2012 03:34:59 -0400
|
Source diff to previous version |
1041120 |
Meta bug for tracking Openstack Stable Updates |
1035428 |
authenticate in ldap backend doesn't return a list of roles |
997700 |
LDAP should not check username on \ |
1006815 |
Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token |
1012381 |
Memcache token backend eventually stops working |
1016056 |
EC2 credentials not migrated from legacy (diablo) database |
973243 |
deleting tenants or users does not clean up metadata |
974199 |
deleting a tenant does not cleanup its user associations |
983800 |
TokenNotFound not raised in testsuite because of timezone issues |
988920 |
Token authentication for a user in a disabled tenant does not raise Unauthorized error |
994936 |
export_legacy_catalog doesn't convert url names correctly |
996595 |
Following a password compromise and subsequent password change, tokens remain valid. |
997194 |
Tokens remain valid after a user account is disabled |
|
keystone (2012.1+stable~20120608-aff45d6-0ubuntu1) precise-proposed; urgency=low
* New usptream snapshot. (LP: #1010473)
* Resynchronize with stable/essex:
- aff45d6 - Make import_nova_auth only create roles which don't already exist
(LP: #959294)
* debian/patches/0013-Flush-tenant-membership-deletion-before-user.patch: Backported
fix for "Flush tenant membership deletion before user." (LP: #998137)
-- Chuck Short <email address hidden> Tue, 05 Jun 2012 11:24:02 -0400
|
1010473 |
[SRU] Tracker for 12.04 Openstack Updates |
959294 |
[SRU] Can't delete users |
998137 |
[SRU] Keystone user tenant membership not always re... |
|
About
-
Send Feedback to @ubuntu_updates