You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa keystone

Sigurnosni nedostaci programskog paketa keystone

==========================================================================
Ubuntu Security Notice USN-4480-1
September 01, 2020

keystone vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in OpenStack Keystone.

Software Description:
– keystone: OpenStack identity service

Details:

It was discovered that OpenStack Keystone incorrectly handled EC2
credentials. An authenticated attacker with a limited scope could possibly
create EC2 credentials with escalated permissions. (CVE-2020-12689,
CVE-2020-12691)

It was discovered that OpenStack Keystone incorrectly handled the list of
roles provided with OAuth1 access tokens. An authenticated user could
possibly end up with more role assignments than intended. (CVE-2020-12690)

It was discovered that OpenStack Keystone incorrectly handled EC2 signature
TTL checks. A remote attacker could possibly use this issue to reuse
Authorization headers. (CVE-2020-12692)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
keystone 2:13.0.4-0ubuntu1
python-keystone 2:13.0.4-0ubuntu1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4480-1
CVE-2020-12689, CVE-2020-12690, CVE-2020-12691, CVE-2020-12692

Package Information:
https://launchpad.net/ubuntu/+source/keystone/2:13.0.4-0ubuntu1

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl9OOXYACgkQZWnYVadE
vpO5ZQ//bQb8hb58+rPV6idIlYnbDJ2nw5Wz3LlvW0fscvPZ/MTe8bj22AJobivx
mTwQXllD1Cv5iX6uZ8KrruI3Y71353E4lAKtVEE+7vb7tftPcNQ/DYJ7w8L9NRxb
gdBB++hZGhglJO/iUBXYYX9mYUG9GeMkxa2sKI/hZcEXTPei1zD8XlUX6W8Wpw7f
DVb2JTRpIgJqFBrdf4RH/HeYBW2jz1suFuySoLklxSbC8Ke1BZboTQ82umKGs5Ny
vwoSLpjJ2bErC57LkRoEMfGJvN2weyxtLusqYcYL0XpPW7+17gHfFLUIYyQq4y2D
nqhFmZZuLZtWka3UaFin3O4k1jQ5SFD0Mx7e5UpZX9G8/AQqtb2RETs0AOvU022Z
t8xCiyb1XQfhROMnX5Jxfa2Sgd/2SrCuAo2GwELsy0jbt62YbPJoJtJGJxEeRLfW
R/VdVCI5G8rVNmboXGLVdC54Y4jIm5N8JuCdisN16sRlxlNDq91dc7CFKzTL9iTX
HrXzr/MT2sXYbh14xxI9EL8xrZo5jsgRTePH1jfB5YE6RsQpb88egvsLUz3CkcNU
YzHzCBBBentj9KEFNgH+7sEAnjzzYQhiU5vMnNkrdyPZDp7QGZzyYbdM9g71Ae04
PIzfZlgm6eJFr4YWHb/9zg6q+MV25jtAFoaVY4mjCaA6JupTLC4=
=NcjT
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa virt:8.2

Otkriveni su sigurnosni nedostaci u programskom paketu virt:8.2 za operacijski sustav RHEL. Otkriveni nedostaci potencijalnim napadačima omogućuju otkrivanje osjetljivih informacija,...

Close