Python-keystoneclient is a client library and a command line utility for
interacting with the OpenStack Identity API. The OpenStack Identity
auth_token middleware component handles the authentication of tokens
with keystone.
It was found that python-keystoneclient treated all settings in paste.ini
files as string types. If the “insecure” option were set to any value in a
paste.ini configuration file, it would be evaluated as true, resulting in
TLS connections being vulnerable to man-in-the-middle attacks.
(CVE-2014-7144)
Note that when the “insecure” option was not set in paste.ini, it evaluated
to false, and verification was performed.
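
The string-typing flaw described above, shown next to a strict conversion. This is an added example, not python-keystoneclient's own code: the `[filter:authtoken]` section name, the sample values, the function names, and the set of accepted true/false spellings are all assumptions made for illustration.

```python
import configparser

# Constructed sample paste.ini fragment (not taken from a real deployment).
SAMPLE_PASTE_INI = """
[filter:authtoken]
auth_host = keystone.example.test
insecure = false
"""

# Assumption: the spellings accepted as booleans; anything else is rejected.
TRUE_STRINGS = {"1", "t", "true", "on", "y", "yes"}
FALSE_STRINGS = {"0", "f", "false", "off", "n", "no"}


def load_filter_conf(text, section="filter:authtoken"):
    """Return the section as a dict of strings, the form in which ini options arrive."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return dict(parser[section])


def verify_tls_naive(conf):
    """Flawed pattern: the truthiness of the raw string decides verification."""
    insecure = conf.get("insecure", False)
    return not insecure  # any non-empty string, including "false", disables verification


def parse_bool_strict(value, default=False):
    """Convert an ini string to bool and fail closed on unrecognised input."""
    if value is None:
        return default
    lowered = str(value).strip().lower()
    if lowered in TRUE_STRINGS:
        return True
    if lowered in FALSE_STRINGS:
        return False
    raise ValueError("unrecognised boolean value: %r" % (value,))


def verify_tls_strict(conf):
    """Hardened pattern: verification is skipped only for an explicit true value."""
    return not parse_bool_strict(conf.get("insecure"))


if __name__ == "__main__":
    conf = load_filter_conf(SAMPLE_PASTE_INI)
    print("naive verifies TLS:", verify_tls_naive(conf))
    print("strict verifies TLS:", verify_tls_strict(conf))
```

The same truthiness check doubles as an audit rule: any paste.ini on an unpatched host that sets `insecure` at all, whatever the value, should be treated as running without certificate verification.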
All python-keystoneclient users are advised to upgrade to these updated
packages, which correct this issue. After installing this update, all
OpenStack services using auth_token must be restarted for this update to
take effect.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | src | python-keystoneclient | < 0.7.1-5.el6ost | python-keystoneclient-0.7.1-5.el6ost.src.rpm |
RedHat | 6 | noarch | python-keystoneclient-doc | < 0.7.1-5.el6ost | python-keystoneclient-doc-0.7.1-5.el6ost.noarch.rpm |
RedHat | 6 | noarch | python-keystoneclient | < 0.7.1-5.el6ost | python-keystoneclient-0.7.1-5.el6ost.noarch.rpm |