Python-keystonemiddleware (formerly python-keystoneclient) is a client library
and a command line utility for interacting with the OpenStack Identity API.
Red Hat Enterprise OpenStack Platform 6.0 contains and uses both the
python-keystonemiddleware and python-keystoneclient versions of this
package.
It was discovered that some items in the S3Token configuration as used
by python-keystonemiddleware and python-keystoneclient were incorrectly
evaluated as strings, an issue similar to CVE-2014-7144. As a result, a
setting of ‘insecure=false’ evaluated as true, leaving TLS connections
open to man-in-the-middle (MITM) attacks. (CVE-2015-1852)
Red Hat would like to thank the OpenStack project for reporting this issue.
Upstream acknowledges Brant Knudson from IBM as the original reporter.
Note: “insecure” defaults to false, so setups that do not specifically define
“insecure=false” are unaffected.
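
The string-evaluation flaw described above, and why only setups that spell out “insecure=false” are affected, shown as an added example that is not code from python-keystonemiddleware or python-keystoneclient. The section name `filter:s3token`, the host name and all function names are assumptions made for illustration.

```python
import configparser

# Constructed sample config (not from the advisory); section name and host are assumptions.
SAMPLE_INI = """
[filter:s3token]
auth_host = keystone.example.test
insecure = false
"""

TRUE_STRINGS = {"1", "true", "yes", "on", "t", "y"}
FALSE_STRINGS = {"0", "false", "no", "off", "f", "n"}


def load_section(text, section="filter:s3token"):
    """Return the section as a dict; every value is a str, as INI parsers produce."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    return dict(parser[section])


def verify_tls_flawed(conf):
    """Flawed pattern: truthiness of the raw string, so any non-empty string is True."""
    insecure = conf.get("insecure", False)
    return not insecure  # "false" is truthy, so certificate verification is switched off


def parse_bool(value, default=False):
    """Strict boolean parsing; unknown strings raise instead of silently passing."""
    if isinstance(value, bool):
        return value
    if value is None:
        return default
    text = str(value).strip().lower()
    if text in TRUE_STRINGS:
        return True
    if text in FALSE_STRINGS:
        return False
    raise ValueError(f"not a boolean: {value!r}")


def verify_tls_fixed(conf):
    """Hardened pattern: convert the string to a real boolean before negating it."""
    return not parse_bool(conf.get("insecure"), default=False)


def is_exposed(conf):
    """True when the flawed evaluation disables verification the operator asked for."""
    return verify_tls_fixed(conf) and not verify_tls_flawed(conf)
```

`is_exposed` can be run over a deployment's own parsed configuration to find sections where the operator requested verification but the flawed evaluation would have disabled it.
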
All python-keystoneclient users are advised to upgrade to these updated
packages, which correct these issues.
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | noarch | python-keystoneclient-doc | < 0.11.1-2.el7ost | python-keystoneclient-doc-0.11.1-2.el7ost.noarch.rpm |
RedHat | 7 | noarch | python-keystoneclient | < 0.11.1-2.el7ost | python-keystoneclient-0.11.1-2.el7ost.noarch.rpm |
RedHat | 7 | noarch | python-keystonemiddleware-doc | < 1.3.2-1.el7ost | python-keystonemiddleware-doc-1.3.2-1.el7ost.noarch.rpm |
RedHat | 7 | noarch | python-keystonemiddleware | < 1.3.2-1.el7ost | python-keystonemiddleware-1.3.2-1.el7ost.noarch.rpm |