Security update for python-keystoneclient

SUSE Security Update: Security update for python-keystoneclient
Announcement ID: SUSE-SU-2013:1067-1
Rating: low
References: #817415
Affected Products:
  • SUSE Cloud 1.0

An update that fixes one vulnerability is now available.

    Description:


    python-keystoneclient has been updated to the latest git
    version (e4ed1f3), which also fixes a security issue:

    * CVE-2013-2013: password disclosure on the command line
      was fixed, which allowed local users to find out passwords
      via ps.
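
    The exposure described above comes from passwords being passed as
    command-line arguments, which any local user can read from the process
    list. The following audit helper is an added example, not code from
    python-keystoneclient or from SUSE; the option names in SECRET_OPTS and
    the sample argument vector are assumptions to adjust for your environment.

```python
# Added example: flag processes whose argv carries a password option,
# and report them with the secret value redacted.

# Assumed list of password-bearing options; extend for your own tooling.
SECRET_OPTS = {"--os-password", "--pass", "--password"}

# Constructed sample in /proc/<pid>/cmdline format (NUL-separated argv).
SAMPLE = b"keystone\0--os-username\0admin\0--os-password\0s3cret\0user-list\0"

def parse_cmdline(raw):
    """Split a /proc/<pid>/cmdline blob into a list of arguments."""
    parts = raw.split(b"\0")
    if parts and parts[-1] == b"":
        parts.pop()  # drop the empty field after the trailing NUL
    return [p.decode("utf-8", "replace") for p in parts]

def audit_argv(argv):
    """Return (exposed_option_names, argv_with_secret_values_redacted)."""
    exposed, redacted = [], []
    redact_next = False
    for arg in argv:
        if redact_next:  # value of a preceding "--opt value" pair
            redacted.append("[REDACTED]")
            redact_next = False
            continue
        name, sep, _ = arg.partition("=")
        if name in SECRET_OPTS:
            exposed.append(name)
            if sep:  # "--opt=value" form
                redacted.append(name + "=[REDACTED]")
            else:
                redacted.append(name)
                redact_next = True
            continue
        redacted.append(arg)
    return exposed, redacted

if __name__ == "__main__":
    import glob
    for path in glob.glob("/proc/[0-9]*/cmdline"):
        try:
            with open(path, "rb") as fh:
                exposed, redacted = audit_argv(parse_cmdline(fh.read()))
        except OSError:
            continue  # process exited or access was denied
        if exposed:
            print(path.split("/")[2], exposed, " ".join(redacted))
```

    Run on a Linux host, it prints the PID, the offending option and the
    redacted command line for each match, so the finding can be logged
    without copying the secret.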

    Other changes:

    * Update to latest git (e4ed1f3):

      o Fix scoped auth for non-admins (bug 1081192)

    * Update to latest git (27f0c72):

      o Don't need to lazy load resources loaded from API
      o Add support for HEAD and PATCH
      o Add generic entity.delete()
      o Allow serialization impl to be overridden
      o enabling i18n with Babel
      o updating keystoneclient doc theme
      o updating base keystoneclient documentation
      o virtualenv quite installation for zypper
      o Manager for generic CRUD on v3
      o v3 Client & test utils
      o change default wrap for tokens from 78 characters to 0
      o v3 Service CRUD
      o v3 Endpoint CRUD
      o v3 Policy CRUD
      o v3 Domain CRUD
      o v3 Role CRUD
      o v3 Project CRUD
      o v3 User CRUD
      o v3 Credential CRUD
      o v3 List projects for a user
      o Fixed httplib2 mocking (bug 1050091, bug 1050097)
      o v3 Domain/Project role grants
      o Enable/disable services/endpoints (bug 1048662)
      o bootstrap a keystone user (e.g. admin) in one cmd
      o Useful error msg when missing catalog (bug 949904)
      o Added 'service_id' column to endpoint-list
      o Ensure JSON isn't read on no HTTP response body
      o use mock context managers instead of decorators+functions
      o Fixes https connections to keystone when no CA
        certificates are specified.
      o add a new HTTPClient attr for setting the original IP
      o Add OpenStack trove classifier for PyPI
      o Don't log an exception for an expected empty catalog.
      o Replace refs to 'Keystone API' with 'Identity API'
      o Update --os-* error messages
      o HACKING compliance: consistent usage of 'except'
      o Fix keystoneclient so swift works against Rackspace
        Cloud Files
      o fixes 1075376
      o Warn about bypassing auth on CLI (bug 1076225)
      o check creds before token/endpoint (bug 1076233)
      o Check for auth URL before password (bug 1076235)
      o removing repeat attempt at authorization in client
      o Make initial structural changes to keystoneclient in
        preparation to moving auth_token here from keystone. No
        functional change should occur from this commit (even
        though it did refresh a newer copy of
        openstack.common.setup.py, none of the newer updates are
        in functions called from this client)
      o Add auth-token code to keystoneclient, along with
        supporting files
      o Update README and CLI help
      o fixes auth_ref initialization error
      o Throw validation response into the environment

    * Add Provides/Obsoletes for openSUSE-12.2 package name
      (openstack-keystoneclient and python-python-keystoneclient)

    * Update to latest git (6c127df):

      o Fix PEP8 issues.
      o fixing pep8 formatting for 1.0.1+ pep8
      o Fixed httplib2 mocking (bug 1050091, bug 1050097)
      o Require httplib2 version 0.7 or higher.
      o removing deprecated commandline options
      o Handle "503 Service Unavailable" exception.
      o Fixes setup compatibility issue on Windows
      o switching options to match authentication paths
      o Add wrap option to keystone token-get for humans
      o Allow empty description for tenants.
      o pep8 1.3.1 cleanup

    Security Issue reference:

    * CVE-2013-2013

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Cloud 1.0:
      zypper in -t patch sleclo10sp2-python-keystoneclient-7868

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Cloud 1.0 (x86_64):
      python-keystoneclient-2012.1+git.1353428216.e4ed1f3-0.5.1

    References:

    • http://support.novell.com/security/cve/CVE-2013-2013.html
    • https://bugzilla.novell.com/817415
    • http://download.suse.com/patch/finder/?keywords=063a4ebcd43a01eecec673fc801eed73