(RHSA-2013:1524) Moderate: openstack-keystone security and bug fix update

ID RHSA-2013:1524
Type redhat
Reporter RedHat
Modified 2018-06-09T14:17:32


The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services.

It was found that tokens issued to a tenant were not invalidated when that tenant was disabled in Keystone. This could allow users assigned to a disabled tenant to retain access to resources they should no longer be able to access. (CVE-2013-4222)

These updated packages have been upgraded to upstream version 2013.1.4, which provides a number of bug fixes over the previous version. (BZ#1021641)

This update also fixes the following bug:

  • WebOb 1.0 has been removed from the Red Hat OpenStack 3.0 package requirements; all packages now use WebOb 1.2.3. (BZ#1012694)

All users of openstack-keystone are advised to upgrade to these updated packages, which correct these issues. After installing the updated packages, the Keystone service (openstack-keystone) will be restarted automatically.
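
The token issue described for CVE-2013-4222, as a simplified model added here for illustration. It is not Keystone's code or the upstream fix, and every class, method and tenant name in it is hypothetical. It contrasts a disable operation that leaves issued tokens valid with one that revokes them, and adds a validation path that re-checks the tenant's state on each use.

```python
# Simplified model of the flaw described in CVE-2013-4222; not Keystone's code.
# Every class, method and tenant name below is hypothetical.
import secrets


class IdentityService:
    def __init__(self, tenants):
        self.tenants = dict(tenants)   # tenant name -> enabled flag
        self.tokens = {}               # token id -> tenant it is scoped to
        self.revoked = set()           # ids of revoked tokens

    def issue(self, tenant):
        if not self.tenants.get(tenant, False):
            raise PermissionError("tenant disabled or unknown")
        token_id = secrets.token_hex(16)
        self.tokens[token_id] = tenant
        return token_id

    def disable_tenant_flawed(self, tenant):
        # Flawed: only the flag changes, issued tokens are left untouched.
        self.tenants[tenant] = False

    def disable_tenant(self, tenant):
        # Corrected: disabling also revokes every token scoped to the tenant.
        self.tenants[tenant] = False
        self.revoked.update(t for t, ten in self.tokens.items() if ten == tenant)

    def validate_flawed(self, token_id):
        # Trusts the token record alone; never looks at the tenant's state.
        return token_id in self.tokens and token_id not in self.revoked

    def validate(self, token_id):
        # Defence in depth: re-check the tenant's current state on every use.
        tenant = self.tokens.get(token_id)
        return (tenant is not None and token_id not in self.revoked
                and self.tenants.get(tenant, False))


def demo():
    """Return (flawed_result, revoking_result, rechecking_result)."""
    flawed = IdentityService({"acme": True})       # constructed sample data
    t1 = flawed.issue("acme")
    flawed.disable_tenant_flawed("acme")
    fixed = IdentityService({"acme": True})
    t2 = fixed.issue("acme")
    fixed.disable_tenant("acme")
    return flawed.validate_flawed(t1), fixed.validate_flawed(t2), flawed.validate(t1)
```

Only the first result in `demo()` is accepted: a token issued before the tenant was disabled still validates when neither revocation nor a tenant-state check is in place.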