drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in OpenStack
Name: |
Mehrere Probleme in OpenStack |
|
ID: |
USN-4480-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 18.04 LTS |
|
Datum: |
Di, 1. September 2020, 23:10 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690 |
|
Applikationen: |
OpenStack |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============1892119257904854533== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="MwYdcTuP3TyBzoZExE4VjKM8wgT8C7LT5"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --MwYdcTuP3TyBzoZExE4VjKM8wgT8C7LT5 Content-Type: multipart/mixed; boundary="oXduZMq8A4PS1kODauHrd2Rn5qA5njgpd"
--oXduZMq8A4PS1kODauHrd2Rn5qA5njgpd Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-4480-1 September 01, 2020
keystone vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in OpenStack Keystone.
Software Description: - keystone: OpenStack identity service
Details:
It was discovered that OpenStack Keystone incorrectly handled EC2 credentials. An authenticated attacker with a limited scope could possibly create EC2 credentials with escalated permissions. (CVE-2020-12689, CVE-2020-12691)
It was discovered that OpenStack Keystone incorrectly handled the list of roles provided with OAuth1 access tokens. An authenticated user could possibly end up with more role assignments than intended. (CVE-2020-12690)
It was discovered that OpenStack Keystone incorrectly handled EC2 signature TTL checks. A remote attacker could possibly use this issue to reuse Authorization headers. (CVE-2020-12692)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: keystone 2:13.0.4-0ubuntu1 python-keystone 2:13.0.4-0ubuntu1
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/4480-1 CVE-2020-12689, CVE-2020-12690, CVE-2020-12691, CVE-2020-12692
Package Information: https://launchpad.net/ubuntu/+source/keystone/2:13.0.4-0ubuntu1
--oXduZMq8A4PS1kODauHrd2Rn5qA5njgpd--
--MwYdcTuP3TyBzoZExE4VjKM8wgT8C7LT5 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl9OOXYACgkQZWnYVadE vpO5ZQ//bQb8hb58+rPV6idIlYnbDJ2nw5Wz3LlvW0fscvPZ/MTe8bj22AJobivx mTwQXllD1Cv5iX6uZ8KrruI3Y71353E4lAKtVEE+7vb7tftPcNQ/DYJ7w8L9NRxb gdBB++hZGhglJO/iUBXYYX9mYUG9GeMkxa2sKI/hZcEXTPei1zD8XlUX6W8Wpw7f DVb2JTRpIgJqFBrdf4RH/HeYBW2jz1suFuySoLklxSbC8Ke1BZboTQ82umKGs5Ny vwoSLpjJ2bErC57LkRoEMfGJvN2weyxtLusqYcYL0XpPW7+17gHfFLUIYyQq4y2D nqhFmZZuLZtWka3UaFin3O4k1jQ5SFD0Mx7e5UpZX9G8/AQqtb2RETs0AOvU022Z t8xCiyb1XQfhROMnX5Jxfa2Sgd/2SrCuAo2GwELsy0jbt62YbPJoJtJGJxEeRLfW R/VdVCI5G8rVNmboXGLVdC54Y4jIm5N8JuCdisN16sRlxlNDq91dc7CFKzTL9iTX HrXzr/MT2sXYbh14xxI9EL8xrZo5jsgRTePH1jfB5YE6RsQpb88egvsLUz3CkcNU YzHzCBBBentj9KEFNgH+7sEAnjzzYQhiU5vMnNkrdyPZDp7QGZzyYbdM9g71Ae04 PIzfZlgm6eJFr4YWHb/9zg6q+MV25jtAFoaVY4mjCaA6JupTLC4= =NcjT -----END PGP SIGNATURE-----
--MwYdcTuP3TyBzoZExE4VjKM8wgT8C7LT5--
--===============1892119257904854533== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============1892119257904854533==--
|
|
|
|