Important: Red Hat Security Advisory: python-keystoneclient security, bug fix, and enhancement update

Updated python-keystoneclient packages that fix two security issues, one bug, and add one enhancement are now available for Red Hat OpenStack 3.0 Grizzly Preview. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CV...

OpenStack python-keystoneclient 安全绕过漏洞(CVE-2013-2167)

Bugtraq ID:60680 CVE ID:CVE-2013-2167 OpenStack是由Rackspace和NASA共同开发的云计算平台，帮助服务商和企业内部实现类似于Amazon EC2和S3的云基础架构。 OpenStack python-keystoneclient客户端中间件memcache加密实现存在安全漏洞，允许可直接对memcache后端或在中间人位置进行写访问的攻击者注入恶意数据来绕过签名安全策略。...

[USN-1831-1] OpenStack Nova vulnerability

========================================================================== Ubuntu Security Notice USN-1831-1 May 16, 2013 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

[USN-1830-1] OpenStack Keystone vulnerability

========================================================================== Ubuntu Security Notice USN-1830-1 May 16, 2013 keystone vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

[USN-1875-1] OpenStack Keystone vulnerabilities

========================================================================== Ubuntu Security Notice USN-1875-1 June 14, 2013 keystone vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVE-2013-2157

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password...

CVE-2013-2161

XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name...

Keystone: Missing expiration check in Keystone PKI token validation

python-keystoneclient before 0.2.4, as used in OpenStack Keystone Folsom, does not properly check expiry for PKI tokens, which allows remote authenticated users to 1 retain use of a token after it has expired, or 2 use a revoked token once it expires...

Moderate: Red Hat Security Advisory: python-keystoneclient security and bug fix update

Updated python-keystoneclient packages that fix one security issue and multiple bugs are now available for Red Hat OpenStack 3.0 Grizzly Preview. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, whi...

Ubuntu Update for nova USN-1831-2

Check for the Version of nova OpenVAS Vulnerability Test $Id: gbubuntuUSN18312.nasl 7958 2017-12-01 06:47:47Z santu $ Ubuntu Update for nova USN-1831-2 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...

Ubuntu: Security Advisory (USN-1831-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-1831-2: OpenStack Nova regression

USN-1831-1 fixed a vulnerability in OpenStack Nova. The upstream fix introduced a regression where instances using uncached QCOW2 images would fail to start. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Loganathan Parthipan discovered that Nova did...

CVE-2013-2104

python-keystoneclient before 0.2.4, as used in OpenStack Keystone Folsom, does not properly check expiry for PKI tokens, which allows remote authenticated users to 1 retain use of a token after it has expired, or 2 use a revoked token once it expires...

Fedora 19 : openstack-keystone-2013.1.1-1.fc19 (2013-8023)

First stable Grizzly update 2013.1.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 703...

[SECURITY] Fedora 19 Update: openstack-keystone-2013.1.1-1.fc19

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. This package contains the Keystone daemon...

Important: Red Hat Security Advisory: KVM image security update

The Red Hat Enterprise Linux 6.4 KVM Guest Image for cloud instances had an empty root password by default. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

Fedora Update for openstack-keystone FEDORA-2013-8048

Check for the Version of openstack-keystone OpenVAS Vulnerability Test Fedora Update for openstack-keystone FEDORA-2013-8048 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

Fedora Update for openstack-keystone FEDORA-2013-8048

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.4-3.fc18

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. This package contains the Keystone daemon...

Fedora 18 : openstack-keystone-2012.2.4-3.fc18 (2013-8048)

Revoke tokens on user delete CVE-2013-2059 - authtoken: Securely create signingdir CVE-2013-2030 - avoid potential disclosure in log files and restrict /var/log/keystone/ CVE-2013-2006 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...