(RHSA-2014:1784) Moderate: python-keystoneclient security and bug fix update

Published: Nov 03, 2014, 08:27 (Red Hat, access.redhat.com)
EPSS: 0.003 (percentile 66.2%)

Python-keystoneclient is a client library and a command line utility for
interacting with the OpenStack Identity API.

It was found that Python-keystoneclient treated all settings in paste.ini
files as string types. If the "insecure" option was set to any value in a
paste.ini configuration file, including "false" or "0", the non-empty string
was evaluated as true, so certificate verification was skipped and TLS
connections were vulnerable to man-in-the-middle attacks. (CVE-2014-7144)

Note that when the “insecure” option was not set in paste.ini, it evaluated
to false, and verification was performed.
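The following is an added example, not code from Red Hat or from python-keystoneclient, that reproduces the string-typing problem described above. It parses a constructed paste.ini fragment with the standard library (PasteDeploy likewise hands the auth_token middleware its options as plain strings), shows the pre-fix truthiness check enabling "insecure" for the value "false", and contrasts it with an explicit string-to-boolean conversion of the kind the fix relies on. The helper names (`bool_from_string`, `verify_flag`) and the accepted true/false spellings are this example's own assumptions.

```python
"""Added illustration of CVE-2014-7144: a config option read as a str is
truthy whenever it is non-empty, so insecure = false still disabled TLS
verification. Not the project's code."""
import configparser

# Constructed paste.ini fragment. [filter:authtoken] is where the
# auth_token middleware options live in an OpenStack service's paste config.
PASTE_INI = """
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 127.0.0.1
insecure = false
"""


def load_filter_conf(text):
    """Parse the paste.ini text and return the [filter:authtoken] options.

    Every value comes back as a str; nothing in the file carries a type,
    which is the root of the problem."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return dict(cp["filter:authtoken"])


def vulnerable_insecure(conf):
    """Pre-fix behaviour: the raw string is used as a truth value.

    Unset -> False (verification performed, as the advisory notes).
    Any non-empty string, "false" and "0" included -> True."""
    return bool(conf.get("insecure", False))


# Hypothetical accepted spellings, modelled on common config conventions.
TRUE_STRINGS = ("1", "t", "true", "on", "y", "yes")
FALSE_STRINGS = ("0", "f", "false", "off", "n", "no")


def bool_from_string(value, default=False):
    """Hypothetical helper: convert a config string to a real bool.

    Unset values take the default; an unrecognised spelling raises rather
    than silently choosing a side, so a typo cannot disable verification."""
    if isinstance(value, bool):
        return value
    if value is None:
        return default
    text = str(value).strip().lower()
    if text in TRUE_STRINGS:
        return True
    if text in FALSE_STRINGS:
        return False
    raise ValueError(f"unrecognised boolean value for 'insecure': {value!r}")


def fixed_insecure(conf):
    """Post-fix behaviour: only a recognised true spelling disables verification."""
    return bool_from_string(conf.get("insecure"), default=False)


def verify_flag(conf, vulnerable=False):
    """Value a requests-style HTTP client would receive as verify=:
    False when insecure, else the configured CA bundle path or True."""
    insecure = vulnerable_insecure(conf) if vulnerable else fixed_insecure(conf)
    if insecure:
        return False
    return conf.get("cafile") or True


if __name__ == "__main__":
    conf = load_filter_conf(PASTE_INI)
    print("insecure option as parsed:", repr(conf["insecure"]))
    print("vulnerable code verifies TLS:", verify_flag(conf, vulnerable=True))
    print("fixed code verifies TLS:", verify_flag(conf))
```

The design point is that the default must fail closed: an absent option, an empty string and an unrecognised spelling all have to leave verification on, and only an explicit, recognised true value may turn it off.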

This update also fixes the following bugs:

  • Previously, when running Python-keystoneclient in the DEBUG log level,
    sensitive data may have been logged in plain text. Refer to the OSSN-0024
    document, linked to in the References, for further information.
    (BZ#1106328)

  • Previously, when attempting to enable the use of the s3_token middleware,
    for use with the Amazon Simple Storage Service (Amazon S3) APIs, a “No
    module named webob” error was returned. (BZ#1133431)

All python-keystoneclient users are advised to upgrade to these updated
packages, which correct these issues.