USN-1830-1: OpenStack Keystone vulnerability
Ubuntu Security Notice USN-1830-1
16th May, 2013
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Keystone would allow unintended access over the network.
- keystone - OpenStack identity service
Sam Stoelinga discovered that Keystone would not immediately invalidate
tokens when deleting users via the v2 API. A deleted user would be able to
continue to use resources until the token lifetime expired.
The problem can be corrected by updating your system to the following package version:
- Ubuntu 13.04:
  - python-keystone 1:2013.1-0ubuntu1.1
- Ubuntu 12.10:
  - python-keystone 2012.2.3+stable-20130206-82c87e56-0ubuntu2.1
- Ubuntu 12.04 LTS:
  - python-keystone 2012.1.3+stable-20130423-f48dd0fc-0ubuntu1.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.