Security update for openstack-keystone

SUSE Security Update: Security update for openstack-keystone
Announcement ID: SUSE-SU-2014:0519-1
Rating: moderate
References: #866483 #869326
Affected Products:
  • SUSE Cloud 3

  • An update that solves one vulnerability and has one errata is now available. It includes one version update.


    Openstack Keystone has been updated to fix bugs and
    security issues.

    The following security issue has been fixed:

    * CVE-2014-2237: trustee token revocation did not work
    with the memcache backend.

    Additional changes:

    * Bump stable/havana next version to 2013.2.3.
    * SQLAlchemy: Change to support more strict dialect
    * Add hybrid identity and assignment keystone backends
    added patch for gettext import (bnc#869326)

    Security Issue references:

    * CVE-2014-2237

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Cloud 3:
      zypper in -t patch sleclo30sp3-openstack-keystone-9062

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Cloud 3 (x86_64) [New Version: 2013.2.3.dev4.g27e1469]:
    • openstack-keystone-2013.2.3.dev4.g27e1469-0.7.1
    • python-keystone-2013.2.3.dev4.g27e1469-0.7.1