Mehrere Probleme in OpenStack
ID: | USN-4480-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 18.04 LTS |
Datum: | Di, 1. September 2020, 23:10 |
Referenzen: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690 |
Applikationen: | OpenStack |
Originalnachricht |
|
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============1892119257904854533== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="MwYdcTuP3TyBzoZExE4VjKM8wgT8C7LT5" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --MwYdcTuP3TyBzoZExE4VjKM8wgT8C7LT5 Content-Type: multipart/mixed; boundary="oXduZMq8A4PS1kODauHrd2Rn5qA5njgpd" --oXduZMq8A4PS1kODauHrd2Rn5qA5njgpd Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable ========================================================================== Ubuntu Security Notice USN-4480-1 September 01, 2020 keystone vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: Several security issues were fixed in OpenStack Keystone. Software Description: - keystone: OpenStack identity service Details: It was discovered that OpenStack Keystone incorrectly handled EC2 credentials. An authenticated attacker with a limited scope could possibly create EC2 credentials with escalated permissions. (CVE-2020-12689, CVE-2020-12691) It was discovered that OpenStack Keystone incorrectly handled the list of roles provided with OAuth1 access tokens. An authenticated user could possibly end up with more role assignments than intended. (CVE-2020-12690) It was discovered that OpenStack Keystone incorrectly handled EC2 signature TTL checks. A remote attacker could possibly use this issue to reuse Authorization headers. (CVE-2020-12692) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: keystone 2:13.0.4-0ubuntu1 python-keystone 2:13.0.4-0ubuntu1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4480-1 CVE-2020-12689, CVE-2020-12690, CVE-2020-12691, CVE-2020-12692 Package Information: https://launchpad.net/ubuntu/+source/keystone/2:13.0.4-0ubuntu1 --oXduZMq8A4PS1kODauHrd2Rn5qA5njgpd-- --MwYdcTuP3TyBzoZExE4VjKM8wgT8C7LT5 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl9OOXYACgkQZWnYVadE vpO5ZQ//bQb8hb58+rPV6idIlYnbDJ2nw5Wz3LlvW0fscvPZ/MTe8bj22AJobivx mTwQXllD1Cv5iX6uZ8KrruI3Y71353E4lAKtVEE+7vb7tftPcNQ/DYJ7w8L9NRxb gdBB++hZGhglJO/iUBXYYX9mYUG9GeMkxa2sKI/hZcEXTPei1zD8XlUX6W8Wpw7f DVb2JTRpIgJqFBrdf4RH/HeYBW2jz1suFuySoLklxSbC8Ke1BZboTQ82umKGs5Ny vwoSLpjJ2bErC57LkRoEMfGJvN2weyxtLusqYcYL0XpPW7+17gHfFLUIYyQq4y2D nqhFmZZuLZtWka3UaFin3O4k1jQ5SFD0Mx7e5UpZX9G8/AQqtb2RETs0AOvU022Z t8xCiyb1XQfhROMnX5Jxfa2Sgd/2SrCuAo2GwELsy0jbt62YbPJoJtJGJxEeRLfW R/VdVCI5G8rVNmboXGLVdC54Y4jIm5N8JuCdisN16sRlxlNDq91dc7CFKzTL9iTX HrXzr/MT2sXYbh14xxI9EL8xrZo5jsgRTePH1jfB5YE6RsQpb88egvsLUz3CkcNU YzHzCBBBentj9KEFNgH+7sEAnjzzYQhiU5vMnNkrdyPZDp7QGZzyYbdM9g71Ae04 PIzfZlgm6eJFr4YWHb/9zg6q+MV25jtAFoaVY4mjCaA6JupTLC4= =NcjT -----END PGP SIGNATURE----- --MwYdcTuP3TyBzoZExE4VjKM8wgT8C7LT5-- --===============1892119257904854533== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK --===============1892119257904854533==-- |