Security update for openstack-keystone
SUSE Security Update: Security update for openstack-keystone
This openstack-keystone update fixes the following security issues:
* bnc#892095: Token expiration date stored incorrectly. (CVE-2014-5252)
* bnc#892097: Revocation events are broken with MySQL. (CVE-2014-5251)
* bnc#892099: Domain-scoped tokens don't get revoked. (CVE-2014-5253)
Security Issues:
* CVE-2014-5251
* CVE-2014-5252
* CVE-2014-5253
Announcement ID: | SUSE-SU-2014:1219-1 |
Rating: | moderate |
References: | #892095 #892097 #892099 |
Affected Products: |
An update that fixes three vulnerabilities is now available. It includes one version update.
Description:
This openstack-keystone update fixes the following security issues:
* bnc#892095: Token expiration date stored incorrectly. (CVE-2014-5252)
* bnc#892097: Revocation events are broken with MySQL. (CVE-2014-5251)
* bnc#892099: Domain-scoped tokens don't get revoked. (CVE-2014-5253)
Security Issues:
* CVE-2014-5251
* CVE-2014-5252
* CVE-2014-5253
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Cloud 4:
zypper in -t patch sleclo40sp3-openstack-keystone-9636
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Cloud 4 (x86_64) [New Version: 2014.1.3.dev3.gb812131]:
- openstack-keystone-2014.1.3.dev3.gb812131-0.7.1
- python-keystone-2014.1.3.dev3.gb812131-0.7.1
- SUSE Cloud 4 (noarch) [New Version: 2014.1.3.dev3.gb812131]:
- openstack-keystone-doc-2014.1.3.dev3.gb812131-0.7.1
References:
- http://support.novell.com/security/cve/CVE-2014-5251.html
- http://support.novell.com/security/cve/CVE-2014-5252.html
- http://support.novell.com/security/cve/CVE-2014-5253.html
- https://bugzilla.suse.com/892095
- https://bugzilla.suse.com/892097
- https://bugzilla.suse.com/892099
- http://download.suse.com/patch/finder/?keywords=0e8fec5bb9d4da67df0f3484184b5fe3