==========================================================================
Ubuntu Security Notice USN-3448-1
October 11, 2017
keystone vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

OpenStack Keystone would allow unintended access over the network.

Software Description:
- keystone: OpenStack identity service

Details:

Boris Bobrov discovered that OpenStack Keystone incorrectly handled
federation mapping when there are rules in which group-based assignments
are not used. A remote authenticated user may receive all the roles
assigned to a project regardless of the federation mapping, contrary to
expectations.
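
To find the mappings the description above applies to, the following added example (not part of the original notice and not Keystone's own code) flags federation mapping rules whose "local" section contains no group-based assignment. It assumes the mapping is the JSON document used by Keystone's federation mapping API, with "rules", "local" and "remote" keys; the sample mapping, the placeholder group id and the function names are constructed for illustration.

```python
import json

# Constructed sample mapping (not from the advisory), laid out like a
# Keystone federation mapping document: a list of rules with "local"/"remote".
SAMPLE_MAPPING = json.loads("""
{"rules": [
  {"local": [{"user": {"name": "{0}"}}, {"group": {"id": "GROUP_ID_PLACEHOLDER"}}],
   "remote": [{"type": "REMOTE_USER"}]},
  {"local": [{"user": {"name": "{0}"}}],
   "remote": [{"type": "REMOTE_USER"}]},
  {"local": [{"user": {"name": "{0}"}}, {"groups": "{1}", "domain": {"name": "Default"}}],
   "remote": [{"type": "REMOTE_USER"}, {"type": "memberOf"}]}
]}
""")

# Keys in a "local" entry that make the rule a group-based assignment.
GROUP_KEYS = ("group", "groups")


def rules_without_groups(mapping):
    """Return the indexes of rules whose "local" section assigns no group."""
    flagged = []
    for index, rule in enumerate(mapping.get("rules", [])):
        has_group = any(
            isinstance(entry, dict) and any(key in entry for key in GROUP_KEYS)
            for entry in rule.get("local", [])
        )
        if not has_group:
            flagged.append(index)
    return flagged


def audit(mappings):
    """Map each mapping id to the rule indexes that need review."""
    report = {}
    for mapping_id, mapping in mappings.items():
        flagged = rules_without_groups(mapping)
        if flagged:
            report[mapping_id] = flagged
    return report


if __name__ == "__main__":
    for mapping_id, rules in audit({"sample_mapping": SAMPLE_MAPPING}).items():
        print(f"{mapping_id}: rules {rules} have no group-based assignment")
```

A flagged rule only marks a mapping to review on hosts that do not yet have the corrected package versions; the remedy remains the update.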

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  keystone 2:9.3.0-0ubuntu3.1
  python-keystone 2:9.3.0-0ubuntu3.1

In general, a standard system update will make all the necessary changes.

References:
  https://www.ubuntu.com/usn/usn-3448-1
  CVE-2017-2673

Package Information:
  https://launchpad.net/ubuntu/+source/keystone/2:9.3.0-0ubuntu3.1