drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Prüfung von Zertifikaten in OpenStack
Name: |
Mangelnde Prüfung von Zertifikaten in OpenStack |
|
ID: |
USN-1772-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.10 |
|
Datum: |
Do, 21. März 2013, 08:07 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1865 |
|
Applikationen: |
OpenStack |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --===============6986710982324705245== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enig3D72C2D17809BA51659A3584"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig3D72C2D17809BA51659A3584 Content-Type: text/plain; charset=ISO-8859- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1772-1 March 20, 2013
keystone vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
Summary:
Under certain configurations, Keystone would allow unintended access over the network.
Software Description: - keystone: OpenStack identity service
Details:
Guang Yee discovered that Keystone would not always perform all verification checks when configured to use PKI. If the keystone server was configured to use PKI and services or users requested online verification, an attacker could potentially exploit this to bypass revocation checks. Keystone uses UUID tokens by default in Ubuntu.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.10: python-keystone 2012.2.1-0ubuntu1.3
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1772-1 CVE-2013-1865
Package Information: https://launchpad.net/ubuntu/+source/keystone/2012.2.1-0ubuntu1.3
--------------enig3D72C2D17809BA51659A3584 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBCgAGBQJRSiInAAoJEFHb3FjMVZVzvBwQALKc+DXZluCCS9bWdfhDploX VnZqUvWZJgh5UOZf+DgEdtfbXAk2UXhsSIrbnJu3yMqC7HQHsJdVCqm4/V4aeBG5 nebc11Arvc565BepMfTbRgrvO6OlmvtxblQlSa6sRZtHnCjOb/9valQ48pzQ2ZfT QOh7L5OrVkob0BRg7+JK2OBK2vQDvoVyjzxcya/mRimOcMfD01Wd3rpbVI++ckQw abf7/pPRaOUBTROsIvNcaUjHyLIMjEQWfePjIZNsr7BZeBxLAUDDBqZEIUUFSV+X j5rMo2LAi5oRFKE3ePgw8Q61Ioe/JB7mzSSzKloegkmi562ZBMD8eTF//nL+IQqV WNhdtDY12f8Cz389wRODALTkZYTM071fJ+70y0NGwspg/yALXTNs7iwGQZjApjVR 5WIHilmHZthsBPURwthP403ZGLRTA98LNnQLrq2qLYS7IROmlw8AN+YvFL/Znhll 5GrsfkjhzXiIXGSO6kRHTv0JBvGYtpvB09chp5TiqoKczm/Kvq+Dd2DP9PKTlgt0 +irdHyL3gNa5fUdw1aQUXCrvhWWLUy0kwhwlMRkUsKvykMSyYO6wmFBzERfOQDz4 0UcuKMA0vnZjrANO4mySjLiiPtBxDdvTYDz9zJVduDhJZJyvHx2UMqaRdpgy58eM MOo28oWOn7KK0icoaDt8 =gLnf -----END PGP SIGNATURE-----
--------------enig3D72C2D17809BA51659A3584--
--===============6986710982324705245== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============6986710982324705245==--
|
|
|
|