14 matches found
keystonemiddleware (>=1.3.2 <=1.5.3), python-ceilometerclient (>=1.0.14 <=1.1.2) +7 more potentially affected by CVE-2015-1852 via python-keystoneclient (>=1.1.0 <=1.3.4)
python-keystoneclient PYPI version =1.1.0, =1.3.2, =1.0.14, =1.1.2, =0.14.3, =0.9.4, =0.5.8, =2.23.2, =1.0.4, =1.0.5 Source cves: CVE-2015-1852 Source advisory: OSV:GHSA-P9WQ-MJH8-Q72M...
Security Bulletin: IBM Spectrum Scale Object Protocols functionality is affected by security vulnerabilities in OpenStack (CVE-2015-1852 and CVE-2015-7546)
Summary IBM Spectrum Scale Object Protocols functionality is affected by security vulnerabilities in OpenStack that could allow: - a man-in-the-middle attack, caused by an error in the api-paste.ini configuration file. A remote attacker could exploit this vulnerability using a specially-crafted...
Moderate: Red Hat Security Advisory: python-keystoneclient security update
Updated python-keystoneclient packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...
Moderate: Red Hat Security Advisory: python-keystoneclient and python-keystonemiddlware security update
Updated python-keystoneclient and python-keystonemiddleware packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common...
[USN-2705-1] Keystone vulnerabilities
========================================================================== Ubuntu Security Notice USN-2705-1 August 06, 2015 python-keystoneclient, python-keystonemiddleware vulnerabilities ========================================================================== A security issue affects these...
USN-2705-1: Keystone vulnerabilities
Qin Zhao discovered Keystone disabled certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct machine-in-the-middle attacks via a crafted certificate. CVE-2014-7144 Brant Knudson...
Ubuntu: Security Advisory (USN-2705-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS : Keystone vulnerabilities (USN-2705-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2705-1 advisory. Qin Zhao discovered Keystone disabled certification verification when the insecure option is set in a paste configuration paste.ini file regardless of th...
Fedora 22 : python-keystonemiddleware-1.3.2-1.fc22 (2015-11656)
Update to upstream 1.3.2 which incldes fix for CVE-2015-1852 Update to upstream 1.3.1 + S3token incorrect condition expression for sslinsecure CVE-2015-1852 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...
Fedora Update for python-keystonemiddleware FEDORA-2015-11656
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2015:1208-1 Security update for python-keystoneclient
The python-keystoneclient was updated to fix one security issues. The following vulnerability was fixed: - bsc928205: S3Token TLS cert verification option not honored CVE-2015-1852...
SUSE-SU-2015:1141-1 Security update for python-keystoneclient
python-keystoneclient was updated to fix two security issues: bsc928205: S3Token TLS certificate verification option not honored. CVE-2015-1852 bsc897103: TLS certificate verification option not honored in paste configs. CVE-2014-7144 Security Issues: CVE-2014-7144 CVE-2015-1852...
DEBIAN-CVE-2015-1852
The s3token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct...
CVE-2015-1852
OpenStack keystonemiddleware and python-keystoneclient are vulnerable to a man-in-the-middle attack when the paste.ini configuration’s insecure option is used. Specifically, the s3_token middleware in keystonemiddleware (and python-keystoneclient) disables TLS certificate verification if insecure...