Security: Insufficient permission check in OpenStack
Name: Insufficient permission check in OpenStack
ID: USN-3448-1
Distribution: Ubuntu
Platforms: Ubuntu 16.04 LTS
Date: Wed, October 11, 2017, 17:30
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2673
Applications: OpenStack

Original message

From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <6a7eb3b2-ceb7-3540-33ef-549f6b0ea739@canonical.com>
Subject: [USN-3448-1] OpenStack Keystone vulnerability

==========================================================================
Ubuntu Security Notice USN-3448-1
October 11, 2017

keystone vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

OpenStack Keystone would allow unintended access over the network.

Software Description:
- keystone: OpenStack identity service

Details:

Boris Bobrov discovered that OpenStack Keystone incorrectly handled
federation mapping when there are rules in which group-based assignments
are not used. A remote authenticated user may receive all the roles
assigned to a project regardless of the federation mapping, contrary to
expectations.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
keystone 2:9.3.0-0ubuntu3.1
python-keystone 2:9.3.0-0ubuntu3.1

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3448-1
CVE-2017-2673

Package Information:
https://launchpad.net/ubuntu/+source/keystone/2:9.3.0-0ubuntu3.1


