Security: Insufficient permission check in OpenStack
Name: Insufficient permission check in OpenStack
ID: USN-3448-1
Distribution: Ubuntu
Platforms: Ubuntu 16.04 LTS
Date: Wed, 11 October 2017, 17:30
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2673
Applications: OpenStack
Original message
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <6a7eb3b2-ceb7-3540-33ef-549f6b0ea739@canonical.com>
Subject: [USN-3448-1] OpenStack Keystone vulnerability

==========================================================================
Ubuntu Security Notice USN-3448-1
October 11, 2017

keystone vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
OpenStack Keystone would allow unintended access over the network.
Software Description:
- keystone: OpenStack identity service
Details:
Boris Bobrov discovered that OpenStack Keystone incorrectly handled federation mapping when there are rules in which group-based assignments are not used. A remote authenticated user may receive all the roles assigned to a project regardless of the federation mapping, contrary to expectations.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS:
  keystone 2:9.3.0-0ubuntu3.1
  python-keystone 2:9.3.0-0ubuntu3.1
In general, a standard system update will make all the necessary changes.
References:
  https://www.ubuntu.com/usn/usn-3448-1
  CVE-2017-2673

Package Information:
  https://launchpad.net/ubuntu/+source/keystone/2:9.3.0-0ubuntu3.1
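An added example, not part of the advisory or of Keystone's code: a small audit that lists the federation mapping rules with no group-based assignment, the kind of rule the notice describes as affected, so they can be reviewed on systems that have not yet been updated. It assumes the mapping has been exported as JSON in Keystone's rules/local/remote layout; the sample mapping and the function names are constructed for illustration.

```python
import json

# Constructed sample in Keystone's federation mapping layout (rules -> local/remote).
# All names and IDs below are made up for illustration.
SAMPLE_MAPPING = json.loads("""
{"rules": [
  {"local":  [{"user": {"name": "{0}"}}, {"group": {"id": "0cd5e9"}}],
   "remote": [{"type": "REMOTE_USER"}]},
  {"local":  [{"user": {"name": "{0}"}}],
   "remote": [{"type": "REMOTE_USER"},
              {"type": "orgPersonType", "any_one_of": ["Contractor"]}]},
  {"local":  [{"user": {"name": "{0}"}},
              {"groups": "{1}", "domain": {"name": "Default"}}],
   "remote": [{"type": "REMOTE_USER"}, {"type": "memberOf"}]}
]}
""")

GROUP_KEYS = ("group", "groups")  # local-rule keys that assign group membership


def rules_without_group_assignment(mapping):
    """Return the indexes of rules whose 'local' part assigns no group."""
    flagged = []
    for index, rule in enumerate(mapping.get("rules", [])):
        has_group = any(
            isinstance(entry, dict) and any(key in entry for key in GROUP_KEYS)
            for entry in rule.get("local", [])
        )
        if not has_group:
            flagged.append(index)
    return flagged


def report(mapping):
    """Build one line per flagged rule, naming the remote attributes it matches."""
    lines = []
    for index in rules_without_group_assignment(mapping):
        remote = mapping["rules"][index].get("remote", [])
        types = ", ".join(str(r.get("type")) for r in remote)
        lines.append("rule %d: no group-based assignment (remote: %s)" % (index, types))
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_MAPPING)))
```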