UbuntuUpdates.org

Package "keystone"

Name: keystone

Description: OpenStack identity service - Daemons

Latest version: 1:2014.1.3-0ubuntu2.1
Release: trusty (14.04)
Level: security
Repository: main
Homepage: http://launchpad.net/keystone

Other versions of "keystone" in Trusty

Repository  Area  Version
base        main  1:2014.1-0ubuntu1
updates     main  1:2014.1.5-0ubuntu1

Changelog

Version: 1:2014.1.3-0ubuntu2.1 2014-11-11 20:06:27 UTC

  keystone (1:2014.1.3-0ubuntu2.1) trusty-security; urgency=medium

  * No change rebuild for security:
    - [878f12e] Adds a whitelist for endpoint catalog substitution
      + CVE-2014-3621
      + LP: #1354208
 -- Marc Deslauriers <email address hidden> Tue, 21 Oct 2014 12:13:36 -0400

1354208 [OSSA 2014-029] Catalog replacement allows reading config (CVE-2014-3621)
CVE-2014-3621 The catalog url replacement in Keystone before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuratio

Version: 1:2014.1.2.1-0ubuntu1.1 2014-08-21 20:06:37 UTC

  keystone (1:2014.1.2.1-0ubuntu1.1) trusty-security; urgency=medium

  * No change rebuild for security:
    - [7378512] Block delegation escalation of privilege
      + CVE-2014-3476
      + LP: #1324592
    - [44555e8] Ensure that in v2 auth tenant_id matches trust
      + CVE-2014-3520
      + LP: #1331912
    - [6cbf835] Fix revocation event handling with MySQL
      + CVE-2014-5251
      + LP: #1347961
    - [bdb88c6] Fix for V2 token issued_at time changing
      + CVE-2014-5252
      + LP: #1348820
    - [317f9d3] Fix revoking domain-scoped tokens
      + CVE-2014-5253
      + LP: #1349597
 -- Jamie Strandboge <email address hidden> Thu, 21 Aug 2014 09:06:13 -0500

1324592 [OSSA 2014-018] Trust scope can be circumvented by chaining trusts (CVE-2014-3476)
1331912 [OSSA 2014-022] V2 Trusts allow trustee to emulate trustor in other projects (CVE-2014-3520)
1347961 [OSSA 2014-026] Revocation events are broken with mysql (CVE-2014-5251)
1348820 [OSSA 2014-026] Token issued_at time changes on /v3/auth/token GET requests (CVE-2014-5252)
1349597 [OSSA 2014-026] Domain-scoped tokens don't get revoked (CVE-2014-5253)
CVE-2014-3476 OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, ...
CVE-2014-3520 Keystone V2 trusts privilege escalation through user supplied project id
CVE-2014-5251 vulnerabilities in Keystone revocation events
CVE-2014-5252 vulnerabilities in Keystone revocation events
CVE-2014-5253 vulnerabilities in Keystone revocation events


