Python-keystoneclient is a client library and a command line utility for
interacting with the OpenStack Identity API.
It was found that Python-keystoneclient treated all settings in paste.ini
files as string types. If the “insecure” option were set to any value in a
paste.ini configuration file, it would be evaluated as true, resulting in
TLS connections being vulnerable to man-in-the-middle attacks.
(CVE-2014-7144)
Note that when the “insecure” option was not set in paste.ini, it evaluated
to false, and verification was performed.
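The failure mode described above, shown as an added example (not python-keystoneclient's own code): values read from a paste.ini file arrive as strings, so a truthiness test on `insecure = false` disables verification. The function names, the sample file, and the accepted boolean spellings are assumptions made for illustration.

```python
import configparser

# Constructed paste.ini fragment: the operator means to keep TLS verification on.
SAMPLE_PASTE_INI = """
[filter:authtoken]
auth_protocol = https
insecure = false
"""

TRUE_STRINGS = {"1", "true", "yes", "on", "t", "y"}
FALSE_STRINGS = {"0", "false", "no", "off", "f", "n"}


def load_filter_conf(text, section="filter:authtoken"):
    """Return the section as a dict of strings, the form in which ini settings reach a filter."""
    parser = configparser.RawConfigParser()
    parser.read_string(text)
    return dict(parser.items(section))


def verify_tls_flawed(conf):
    """Hypothetical flawed check: any non-empty string, even 'false', counts as insecure."""
    return not conf.get("insecure", False)


def parse_bool_strict(value, default=False):
    """Convert an ini string to bool and reject anything not recognisably boolean."""
    if value is None:
        return default
    token = str(value).strip().lower()
    if token in TRUE_STRINGS:
        return True
    if token in FALSE_STRINGS:
        return False
    raise ValueError("unrecognised boolean for 'insecure': %r" % (value,))


def verify_tls_hardened(conf):
    """Hypothetical hardened check: only an explicit true value turns verification off."""
    return not parse_bool_strict(conf.get("insecure"))


if __name__ == "__main__":
    conf = load_filter_conf(SAMPLE_PASTE_INI)
    print("flawed check verifies TLS:  ", verify_tls_flawed(conf))
    print("hardened check verifies TLS:", verify_tls_hardened(conf))
```

Rejecting unrecognised values, rather than defaulting them, makes a typo in the setting fail at startup instead of silently changing TLS behaviour.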
This update also fixes the following bugs:

* Previously, when running Python-keystoneclient in the DEBUG log level,
  sensitive data may have been logged in plain text. Refer to the OSSN-0024
  document, linked to in the References, for further information.
  (BZ#1106328)
* Previously, when attempting to enable the use of the s3_token middleware,
  for use with the Amazon Simple Storage Service (Amazon S3) APIs, a “No
  module named webob” error was returned. (BZ#1133431)

All python-keystoneclient users are advised to upgrade to these updated
packages, which correct these issues.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | noarch | python-keystoneclient | < 0.9.0-5.el7ost | python-keystoneclient-0.9.0-5.el7ost.noarch.rpm |
RedHat | 7 | noarch | python-keystoneclient-doc | < 0.9.0-5.el7ost | python-keystoneclient-doc-0.9.0-5.el7ost.noarch.rpm |
RedHat | 7 | src | python-keystoneclient | < 0.9.0-5.el7ost | python-keystoneclient-0.9.0-5.el7ost.src.rpm |