Security update for openstack-keystone
SUSE Security Update: Security update for openstack-keystone
This version update fixes the following security issues:
* remove role assignment adds role using LDAP
assignment (CVE-2013-4477)
* revoke user tokens when disabling/deleting a project
(CVE-2013-4222)
Security Issue references:
* CVE-2013-4477
>
* CVE-2013-4222
>
Announcement ID: | SUSE-SU-2014:0163-1 |
Rating: | moderate |
References: | #837800 #839876 #843443 #848066 |
Affected Products: |
An update that solves two vulnerabilities and has two fixes is now available. It includes one version update.
Description:
This version update fixes the following security issues:
* remove role assignment adds role using LDAP
assignment (CVE-2013-4477)
* revoke user tokens when disabling/deleting a project
(CVE-2013-4222)
Security Issue references:
* CVE-2013-4477
* CVE-2013-4222
Indications:
Everybody should update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Cloud 2.0:
zypper in -t patch sleclo20sp3-openstack-keystone-8675
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Cloud 2.0 (x86_64) [New Version: 2013.1.5.a2.g82dcde0]:
- openstack-keystone-2013.1.5.a2.g82dcde0-0.7.1
- python-keystone-2013.1.5.a2.g82dcde0-0.7.1
- SUSE Cloud 2.0 (noarch) [New Version: 2013.1.5.a2.g82dcde0]:
- openstack-keystone-doc-2013.1.5.a2.g82dcde0-0.7.1
References:
- http://support.novell.com/security/cve/CVE-2013-4222.html
- http://support.novell.com/security/cve/CVE-2013-4477.html
- https://bugzilla.novell.com/837800
- https://bugzilla.novell.com/839876
- https://bugzilla.novell.com/843443
- https://bugzilla.novell.com/848066
- http://download.novell.com/patch/finder/?keywords=3ac1770b48f8df2913e60fe8fc0e81ab