==========================================================================
Ubuntu Security Notice USN-3448-1
October 11, 2017

keystone vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

OpenStack Keystone would allow unintended access over the network.

Software Description:
– keystone: OpenStack identity service

Details:

Boris Bobrov discovered that OpenStack Keystone incorrectly handled
federation mapping when there are rules in which group-based assignments
are not used. A remote authenticated user may receive all the roles
assigned to a project regardless of the federation mapping, contrary to
expectations.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
keystone 2:9.3.0-0ubuntu3.1
python-keystone 2:9.3.0-0ubuntu3.1

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3448-1
CVE-2017-2673

Package Information:
https://launchpad.net/ubuntu/+source/keystone/2:9.3.0-0ubuntu3.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJZ3ht5AAoJEGVp2FWnRL6TJjQP/3sY6And2aLA5o2QE7eMg0IX
NTm8iz8SFuJpWCgN+V7DQl/rpenu6xBOHlCUuiDa7cI2NlEPxRiVYe/ziL/e0xAS
vQITUUTqXBOV2rjL2zTyInEiPz60DJ8HkhIJWKaPbhEMxAoSfZXnK8O0fRd6ukrI
y3+UZzXkiygtPrJUEGjVUgLOm2ED4wHsIGFw60u5B3J9MuM/0ILn3FPrWfDTx/2r
VSOgTwpT7lNvxu4hRhPaGSBOodDUoGGAk6Fbaq/J+32t/yJqYgOyCGsgzGeADCgh
QGcl4BoAGBe11k2P6nM7fvnBdHS9AjAAxGDrHY0Dn6YoC9jYipZJGvb9u0bnIcwe
hGmFZIps1NTwYVftxH0TsIartsNfNULOGQhLR2JYSRfypvhinqv+zg+e9NVK7Hfg
7c2h6Vf6ZTDW3OyW0xCCgonXvZs/ElvCsiOjRx14gzuJwLtpxrbyD89HqNuwyvSY
KWO9pbW4eGJZrzQACOWzvTvMuDvvFY3EebuRlBWdHO7FJJ0PyjVucGEK3Quiop1+
N1VURdaF3YMlEwmInb+1RVsLOFQEy08dLdHAXqt6o59mBIElx/3FkpnklWklGm1X
UesDDkMNiWq5/Qr4bRgC7eKQZit7BrFYd2z7Xhuo3HYPusep9kxh3QHcvc/gzorx
Z/+Erfw5uNumvtiZ154B
=vbPG
—–END PGP SIGNATURE—–
—