UbuntuUpdates.org

Package "keystone"

Name: keystone

Description:

OpenStack identity service - Daemons
Latest version: 2012.1.3+stable-20130423-f48dd0fc-0ubuntu1.1
Release: precise (12.04)
Level: updates
Repository: main
Homepage: http://launchpad.net/keystone

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "keystone"

All arch deb package
APT INSTALL

Other versions of "keystone" in Precise

Repository Area Version
base main 2012.1-0ubuntu1
security main 2012.1.3+stable-20130423-f48dd0fc-0ubuntu1.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2012.1+stable~20120824-a16a0ab9-0ubuntu2.2 2012-09-13 01:06:48 UTC

  keystone (2012.1+stable~20120824-a16a0ab9-0ubuntu2.2) precise-security; urgency=low

  * SECURITY UPDATE: Pre-existing tokens continue to be valid after
    granting or revoking a user's access (LP: #1041396)
    - debian/patches/keystone-CVE-2012-4413.patch: invalidate all user
      tokens upon role grant/revoke
    - CVE-2012-4413
 -- Steve Beattie <email address hidden> Wed, 12 Sep 2012 09:47:55 -0700
Source diff to previous version
1041396 Token validation includes revoked roles (CVE-2012-4413)
CVE-2012-4413 openstack revoking a role does not affect existing tokens

Version: 2012.1+stable~20120824-a16a0ab9-0ubuntu2.1 2012-09-03 18:06:54 UTC

  keystone (2012.1+stable~20120824-a16a0ab9-0ubuntu2.1) precise-security; urgency=low

  * SECURITY UPDATE: tenants are able to be added to users without
    authorization (LP: #1040626)
    - debian/patches/keystone-CVE-2012-3542: require authz to update a
      user's tenant.
    - CVE-2012-3542
 -- Steve Beattie <email address hidden> Thu, 30 Aug 2012 15:10:26 -0700
Source diff to previous version
1040626 Update user's default tenant partially succeeds without authz

Version: 2012.1+stable~20120824-a16a0ab9-0ubuntu2 2012-09-03 16:07:00 UTC

  keystone (2012.1+stable~20120824-a16a0ab9-0ubuntu2) precise-proposed; urgency=low

  * New upstream release (LP: #1041120):
    - debian/patches/0013-Flush-tenant-membership-deletion-before-user.patch:
      Dropped.
  * Resynchronize with stable/essex:
    - authenticate in ldap backend doesn't return a list of roles
      (LP: #1035428)
    - LDAP should not check username on "sn" field (LP: #997700)
    - Admin API doesn't valid token. (LP: #1006815, #1006822)
    - Memcache token backend eventually stops working. (LP: #1012381)
    - EC2 credentials not migrated from legacy (diablo) database. (LP: #1016056)
    - Deleting tenants or users does not cleanup metadata. (LP: #973243)
    - Deleting tenants does not cleanup its user associations. (LP: #974199)
    - TokenNotFound not raised in testsuite beacuse of timezone issues. (LP: #983800)
    - Token authentication for a user in a disabled tenant does not raise
      Unauthorized error. (LP: #988920)
    - export_legacy_catalog doesn't convert url names correctly. (LP: #994936)
    - Following a password compromise and subsequent password change,
      tokens remain valid. (LP: #996595)
    - Tokens remain valid after a user account is disabled. (LP: #997194)
 -- Adam Gandelman <email address hidden> Fri, 24 Aug 2012 03:34:59 -0400
Source diff to previous version
1041120 Meta bug for tracking Openstack Stable Updates
1035428 authenticate in ldap backend doesn't return a list of roles
997700 LDAP should not check username on \
1006815 Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token
1012381 Memcache token backend eventually stops working
1016056 EC2 credentials not migrated from legacy (diablo) database
973243 deleting tenants or users does not clean up metadata
974199 deleting a tenant does not cleanup its user associations
983800 TokenNotFound not raised in testsuite because of timezone issues
988920 Token authentication for a user in a disabled tenant does not raise Unauthorized error
994936 export_legacy_catalog doesn't convert url names correctly
996595 Following a password compromise and subsequent password change, tokens remain valid.
997194 Tokens remain valid after a user account is disabled

Version: 2012.1+stable~20120608-aff45d6-0ubuntu1 2012-07-10 07:06:40 UTC

  keystone (2012.1+stable~20120608-aff45d6-0ubuntu1) precise-proposed; urgency=low

  * New usptream snapshot. (LP: #1010473)
  * Resynchronize with stable/essex:
    - aff45d6 - Make import_nova_auth only create roles which don't already exist
      (LP: #959294)
  * debian/patches/0013-Flush-tenant-membership-deletion-before-user.patch: Backported
    fix for "Flush tenant membership deletion before user." (LP: #998137)
 -- Chuck Short <email address hidden> Tue, 05 Jun 2012 11:24:02 -0400
1010473 [SRU] Tracker for 12.04 Openstack Updates
959294 [SRU] Can't delete users
998137 [SRU] Keystone user tenant membership not always re...


About   -   Send Feedback to @ubuntu_updates