Site Navigation:
security openstack-keystone-2012.1.2-4.el6 security update
Status:stable
Release: Fedora EPEL 6
Update ID: FEDORA-EPEL-2012-12782
Builds: openstack-keystone-2012.1.2-4.el6 (logs)
Pushed: True
Date Submitted: 2012-08-31 00:50:08
Date Released: 2012-08-31 17:46:54
Date Modified: 2012-09-28 16:05:22
Submitter: apevec
Karma: 0
Details
  • Require authz to update user's tenant (CVE-2012-3542)
  • Delete user tokens after role grant/revoke (CVE-2012-4413)
  • Fails to validate tokens in Admin API (CVE-2012-4456)
  • Fails to raise Unauthorized user error for disabled tenant (CVE-2012-4457)
Bugs Fixed
853245 - CVE-2012-3542: OpenStack Keystone: Lack of authorization for adding users to tenants [epel-6]
856720 - CVE-2012-4413: OpenStack-Keystone: role revocation token issues [epel-6]
861183 - CVE-2012-4456: CVE-2012-4457 openstack-keystone various flaws [epel-6]
Feedback
bodhi - 2012-08-31 00:50:27
This update has been submitted for testing by apevec.
bodhi - 2012-08-31 17:00:01
This update is currently being pushed to the Fedora EPEL 6 testing updates repository.
bodhi - 2012-08-31 18:32:55
This update has been pushed to testing
bodhi - 2012-09-12 18:10:04
apevec has edited this update. New build(s): openstack-keystone-2012.1.2-3.el6. Removed build(s): openstack-keystone-2012.1.2-2.el6.
bodhi - 2012-09-12 18:11:20
This update has been submitted for testing by apevec.
bodhi - 2012-09-13 17:45:18
This update is currently being pushed to the Fedora EPEL 6 testing updates repository.
bodhi - 2012-09-13 19:03:26
This update has been pushed to testing
bodhi - 2012-09-16 08:36:23
apevec has edited this update. New build(s): openstack-keystone-2012.1.2-4.el6. Removed build(s): openstack-keystone-2012.1.2-3.el6.
bodhi - 2012-09-16 08:37:13
This update has been submitted for testing by apevec.
bodhi - 2012-09-16 17:10:52
This update is currently being pushed to the Fedora EPEL 6 testing updates repository.
bodhi - 2012-09-16 18:28:24
This update has been pushed to testing
bodhi - 2012-09-30 22:04:39
This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes
bodhi - 2012-09-30 22:28:16
This update has been submitted for stable by apevec.
bodhi - 2012-10-01 17:27:50
This update is currently being pushed to the Fedora EPEL 6 stable updates repository.
bodhi - 2012-10-01 19:03:16
This update has been pushed to stable

Add a comment

Tip: Login to impact how quickly this update gets pushed or unpushed.
obfuscated letters