========================================================================== Ubuntu Security Notice USN-4262-1 January 30, 2020
keystone vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.10 Summary: OpenStack Keystone could be made to expose sensitive information over the network. Software Description: - keystone: OpenStack identity service Details: Daniel Preussker discovered that OpenStack Keystone incorrectly handled the list credentials API. A user with a role on the project could use this issue to view any other user's credentials. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10: keystone 2:16.0.0-0ubuntu1.1 python3-keystone 2:16.0.0-0ubuntu1.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4262-1 CVE-2019-19687 Package Information: https://launchpad.net/ubuntu/+source/keystone/2:16.0.0-0ubuntu1.1
signature.asc
Description: OpenPGP digital signature
-- ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
