--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-13075
2012-08-31 20:54:08
--------------------------------------------------------------------------------

Name        : openstack-keystone
Product     : Fedora 17
Version     : 2012.1.2
Release     : 4.fc17
URL         : http://keystone.openstack.org/
Summary     : OpenStack Identity Service
Description :
Keystone is a Python implementation of the OpenStack
(http://www.openstack.org) identity service API.

This package contains the Keystone daemon.

--------------------------------------------------------------------------------
Update Information:

* Require authz to update user's tenant (CVE-2012-3542)
* Delete user tokens after role grant/revoke (CVE-2012-4413)
* Fails to validate tokens in Admin API (CVE-2012-4456)
* Fails to raise Unauthorized user error for disabled tenant (CVE-2012-4457)
--------------------------------------------------------------------------------
ChangeLog:

* Sun Sep 16 2012 Alan Pevec <[email protected]> 2012.1.2-4
- Limit token revocation to tenant (lp#1050025)
* Wed Sep 12 2012 Alan Pevec <[email protected]> 2012.1.2-3
- Delete user tokens after role grant/revoke (CVE-2012-4413)
* Thu Aug 30 2012 Alan Pevec <[email protected]> 2012.1.2-2
- Require authz to update user's tenant (CVE-2012-3542)
* Mon Aug 13 2012 Alan Pevec <[email protected]> 2012.1.2-1
- updated to stable essex release 2012.1.2
* Fri Jun 22 2012 Alan Pevec <[email protected]> 2012.1.1-1
- updated to stable essex release 2012.1.1 (CVE-2012-3426)
* Fri Jun 15 2012 Alan Pevec <[email protected]> 2012.1-5
- fix upgrade case with python-keystone-auth-token (rhbz#824034#c20)
* Mon Jun 11 2012 Alan Pevec <[email protected]> 2012.1-4
- Corrects url conversion in export_legacy_catalog (lp#994936)
- Invalidate user tokens when password is changed (lp#996595)
- Invalidate user tokens when a user is disabled (lp#997194)
- Carrying over token expiry time when token chaining (lp#998185)
* Thu May 24 2012 Alan Pevec <[email protected]> 2012.1-3
- python-keystone-auth-token subpackage (rhbz#824034)
- use reserved user id for keystone (rhbz#752842)
* Mon May 21 2012 Alan Pevec <[email protected]> 2012.1-2
- Sync up with Essex stable branch
- Remove dependencies no longer needed by Essex
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #853244 - CVE-2012-3542 OpenStack Keystone: Lack of authorization for adding users to tenants [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=853244
  [ 2 ] Bug #856712 - CVE-2012-4413 OpenStack-Keystone: role revocation token issues [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=856712
  [ 3 ] Bug #861182 - CVE-2012-4456 CVE-2012-4457 openstack-keystone various flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=861182
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update openstack-keystone' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
