Important: Red Hat Security Advisory: python-keystoneclient security, bug fix, and enhancement update

Updated python-keystoneclient packages that fix two security issues, one bug, and add one enhancement are now available for Red Hat OpenStack 3.0 Grizzly Preview. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CV...

OpenStack python-keystoneclient 安全绕过漏洞(CVE-2013-2167)

Bugtraq ID:60680 CVE ID:CVE-2013-2167 OpenStack是由Rackspace和NASA共同开发的云计算平台，帮助服务商和企业内部实现类似于Amazon EC2和S3的云基础架构。 OpenStack python-keystoneclient客户端中间件memcache加密实现存在安全漏洞，允许可直接对memcache后端或在中间人位置进行写访问的攻击者注入恶意数据来绕过签名安全策略。...

[USN-1875-1] OpenStack Keystone vulnerabilities

========================================================================== Ubuntu Security Notice USN-1875-1 June 14, 2013 keystone vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

[USN-1831-1] OpenStack Nova vulnerability

========================================================================== Ubuntu Security Notice USN-1831-1 May 16, 2013 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

[SECURITY] Fedora 19 Update: openstack-keystone-2013.1.1-1.fc19

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. This package contains the Keystone daemon...

Important: Red Hat Security Advisory: KVM image security update

The Red Hat Enterprise Linux 6.4 KVM Guest Image for cloud instances had an empty root password by default. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

Fedora Update for openstack-keystone FEDORA-2013-8048

Check for the Version of openstack-keystone OpenVAS Vulnerability Test Fedora Update for openstack-keystone FEDORA-2013-8048 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.4-3.fc18

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. This package contains the Keystone daemon...

CVE-2013-2006

OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the 1 admintoken and 2 LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file...

CVE-2013-2059

OpenStack Identity Keystone Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token...

CVE-2013-1977

OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admintoken secret by reading the file...

DEBIAN-CVE-2013-2059

OpenStack Identity Keystone Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token...

Design/Logic Flaw

OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admintoken secret by reading the file...

CVE-2013-1977

OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admintoken secret by reading the file...

Design/Logic Flaw

OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the 1 admintoken and 2 LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file...

Authentication flaw

OpenStack Identity Keystone Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token...

CVE-2013-1977

OpenStack CVE-2013-1977 affects Keystone.conf handling in devstack/OpenStack deployments. The root cause is world-readable permissions on keystone.conf, enabling local users to read sensitive data such as LDAP passwords and the admin_token. Multiple connected sources corroborate this issue across...

CVE-2013-1977

OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admintoken secret by reading the file...

CVE-2013-2006

OpenStack Keystone (Grizzly 2013.1.1) is affected by CVE-2013-2006: when DEBUG logging is enabled, Keystone can write admin_token and LDAP password in plaintext to log files, enabling local disclosure of sensitive data. The issue is documented in related advisories (RHSA-2013:0806; GHSA-RXRM-XVP4...

CVE-2013-2059

OpenStack Keystone vulnerability CVE-2013-2059 affects Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana. The root cause is that authentication tokens are not immediately revoked when deleting a user via the Keystone v2 API, allowing remote authenticated users to retain access via ...