Python-keystoneclient is a client library and a command-line utility
for interacting with the OpenStack Identity API.

It was discovered that some items in the S3Token configuration as used by
python-keystoneclient were incorrectly evaluated as strings, an issue
similar to CVE-2014-7144. If the “insecure” option was set to “false”, the
option would be evaluated as true, resulting in TLS connections being
vulnerable to man-in-the-middle attacks. Note: The “insecure” option
defaults to false, so setups that do not specifically define
“insecure=false” are not affected. (CVE-2015-1852)
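
The string-truthiness mistake described above, shown as an added example (not code from python-keystoneclient or from this advisory): a constructed `[filter:s3token]` section is loaded as strings, and the flawed check is compared with a strict boolean parse. The function names and the sample section are assumptions made for illustration.

```python
# Added illustration; all names here are hypothetical, not python-keystoneclient code.
import configparser

# Constructed sample of an INI filter section with the option set explicitly.
SAMPLE_INI = """
[filter:s3token]
insecure = false
"""

TRUE_STRINGS = {"1", "true", "yes", "on", "t", "y"}
FALSE_STRINGS = {"0", "false", "no", "off", "f", "n"}


def load_conf(text, section="filter:s3token"):
    """Return the section as a dict of strings, as an INI loader hands it over."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    return dict(parser[section])


def verify_flawed(conf):
    """Flawed pattern: truthiness of the raw string decides TLS verification."""
    insecure = conf.get("insecure", False)
    return not insecure  # "false" is a non-empty string, so verification is off


def parse_bool(value, default=False):
    """Strictly convert a config value to bool; reject anything unrecognised."""
    if value is None:
        return default
    if isinstance(value, bool):
        return value
    text = str(value).strip().lower()
    if text in TRUE_STRINGS:
        return True
    if text in FALSE_STRINGS:
        return False
    raise ValueError("not a boolean: %r" % (value,))


def verify_fixed(conf):
    """Corrected pattern: parse the option first, then derive the verify flag."""
    return not parse_bool(conf.get("insecure"), default=False)


if __name__ == "__main__":
    conf = load_conf(SAMPLE_INI)
    print("flawed:", verify_flawed(conf), "fixed:", verify_fixed(conf))
```

With the option absent, both functions return `True`, which matches the note that setups not defining “insecure=false” are unaffected.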

Red Hat would like to thank the OpenStack project for reporting this issue.
Upstream acknowledges Brant Knudson from IBM as the original reporter.

All python-keystoneclient users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | noarch | python-keystoneclient | < 0.9.0-6.el7ost | python-keystoneclient-0.9.0-6.el7ost.noarch.rpm |
RedHat | 6 | noarch | python-keystoneclient-doc | < 0.9.0-6.el6ost | python-keystoneclient-doc-0.9.0-6.el6ost.noarch.rpm |
RedHat | 6 | src | python-keystoneclient | < 0.9.0-6.el6ost | python-keystoneclient-0.9.0-6.el6ost.src.rpm |
RedHat | 7 | noarch | python-keystoneclient-doc | < 0.9.0-6.el7ost | python-keystoneclient-doc-0.9.0-6.el7ost.noarch.rpm |
RedHat | 6 | noarch | python-keystoneclient | < 0.9.0-6.el6ost | python-keystoneclient-0.9.0-6.el6ost.noarch.rpm |