==========================================================================
Ubuntu Security Notice USN-4480-1
September 01, 2020
keystone vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in OpenStack Keystone.
Software Description:
– keystone: OpenStack identity service
Details:
It was discovered that OpenStack Keystone incorrectly handled EC2
credentials. An authenticated attacker with a limited scope could possibly
create EC2 credentials with escalated permissions. (CVE-2020-12689,
CVE-2020-12691)
It was discovered that OpenStack Keystone incorrectly handled the list of
roles provided with OAuth1 access tokens. An authenticated user could
possibly end up with more role assignments than intended. (CVE-2020-12690)
It was discovered that OpenStack Keystone incorrectly handled EC2 signature
TTL checks. A remote attacker could possibly use this issue to reuse
Authorization headers. (CVE-2020-12692)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
keystone 2:13.0.4-0ubuntu1
python-keystone 2:13.0.4-0ubuntu1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4480-1
CVE-2020-12689, CVE-2020-12690, CVE-2020-12691, CVE-2020-12692
Package Information:
https://launchpad.net/ubuntu/+source/keystone/2:13.0.4-0ubuntu1
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl9OOXYACgkQZWnYVadE
vpO5ZQ//bQb8hb58+rPV6idIlYnbDJ2nw5Wz3LlvW0fscvPZ/MTe8bj22AJobivx
mTwQXllD1Cv5iX6uZ8KrruI3Y71353E4lAKtVEE+7vb7tftPcNQ/DYJ7w8L9NRxb
gdBB++hZGhglJO/iUBXYYX9mYUG9GeMkxa2sKI/hZcEXTPei1zD8XlUX6W8Wpw7f
DVb2JTRpIgJqFBrdf4RH/HeYBW2jz1suFuySoLklxSbC8Ke1BZboTQ82umKGs5Ny
vwoSLpjJ2bErC57LkRoEMfGJvN2weyxtLusqYcYL0XpPW7+17gHfFLUIYyQq4y2D
nqhFmZZuLZtWka3UaFin3O4k1jQ5SFD0Mx7e5UpZX9G8/AQqtb2RETs0AOvU022Z
t8xCiyb1XQfhROMnX5Jxfa2Sgd/2SrCuAo2GwELsy0jbt62YbPJoJtJGJxEeRLfW
R/VdVCI5G8rVNmboXGLVdC54Y4jIm5N8JuCdisN16sRlxlNDq91dc7CFKzTL9iTX
HrXzr/MT2sXYbh14xxI9EL8xrZo5jsgRTePH1jfB5YE6RsQpb88egvsLUz3CkcNU
YzHzCBBBentj9KEFNgH+7sEAnjzzYQhiU5vMnNkrdyPZDp7QGZzyYbdM9g71Ae04
PIzfZlgm6eJFr4YWHb/9zg6q+MV25jtAFoaVY4mjCaA6JupTLC4=
=NcjT
—–END PGP SIGNATURE—–
—