Ubuntu Security Notice USN-2406-1
11th November, 2014
keystone vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.04 LTS
Summary
OpenStack Keystone could be made to expose sensitive information over the
network.
Software description
- keystone
– OpenStack identity service
Details
Brant Knudson discovered that OpenStack Keystone did not properly perform
input sanitization when performing endpoint catalog substitution. A remote
attacker with privileged access for creating endpoints could exploit this
to obtain sensitive information.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.04 LTS:
-
python-keystone
1:2014.1.3-0ubuntu2.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.