Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29467
HistoryJun 17, 2013 - 12:00 a.m.

[USN-1830-1] OpenStack Keystone vulnerability

2013-06-1700:00:00
vulners.com
27
JSON

==========================================================================
Ubuntu Security Notice USN-1830-1
May 16, 2013

keystone vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 13.04
  • Ubuntu 12.10
  • Ubuntu 12.04 LTS

Summary:

Keystone would allow unintended access over the network.

Software Description:

  • keystone: OpenStack identity service

Details:

Sam Stoelinga discovered that Keystone would not immediately invalidate
tokens when deleting users via the v2 API. A deleted user would be able to
continue to use resources until the token lifetime expired.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
python-keystone 1:2013.1-0ubuntu1.1

Ubuntu 12.10:
python-keystone
2012.2.3+stable-20130206-82c87e56-0ubuntu2.1

Ubuntu 12.04 LTS:
python-keystone
2012.1.3+stable-20130423-f48dd0fc-0ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1830-1
CVE-2013-2059

Package Information:
https://launchpad.net/ubuntu/+source/keystone/1:2013.1-0ubuntu1.1

https://launchpad.net/ubuntu/+source/keystone/2012.2.3+stable-20130206-82c87e56-0ubuntu2.1

https://launchpad.net/ubuntu/+source/keystone/2012.1.3+stable-20130423-f48dd0fc-0ubuntu1.1

– ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Related

nessus 4
openvas 6
debiancve 1
prion 1
cve 1
ubuntucve 1
ubuntu 1
fedora 3
securityvulns 1
nessus
nessus
Ubuntu 12.04 LTS / 12.10 / 13.04 : keystone vulnerability (USN-1830-1)
2013-05-17 00:00:00
openSUSE Security Update : openstack-keystone (openSUSE-SU-2013:0949-1)
2014-06-13 00:00:00
Fedora 19 : openstack-keystone-2013.1.1-1.fc19 (2013-8023)
2013-05-26 00:00:00
openvas
openvas
Ubuntu Update for keystone USN-1830-1
2013-05-17 00:00:00
Ubuntu Update for keystone USN-1830-1
2013-05-17 00:00:00
Fedora Update for openstack-keystone FEDORA-2013-8048
2013-05-23 00:00:00
debiancve
debiancve
CVE-2013-2059
2013-05-21 18:55:00
prion
prion
Authentication flaw
2013-05-21 18:55:00
cve
cve
CVE-2013-2059
2013-05-21 18:55:00
ubuntucve
ubuntucve
CVE-2013-2059
2013-05-09 00:00:00
ubuntu
ubuntu
OpenStack Keystone vulnerability
2013-05-16 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: openstack-keystone-2013.1.1-1.fc19
2013-05-24 20:26:13
[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.4-3.fc18
2013-05-22 01:29:47
[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.4-5.fc18
2013-08-09 17:01:37
securityvulns
securityvulns
OpenStack multiple security vulnerabilities
2013-07-01 00:00:00
JSON
Related for SECURITYVULNS:DOC:29467
nessus4openvas6debiancve1prion1cve1ubuntucve1ubuntu1fedora3securityvulns1