Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Ubuntu 13.04 USN-1830-1 Critical: Keystone Network Access Threat

Calendar May 16, 2013 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory update critical ubuntu network access resource access keystone
Keystone would allow unintended access over the network. 

=========================================================================Ubuntu Security Notice USN-1830-1
May 16, 2013

keystone vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

Keystone would allow unintended access over the network.

Software Description:
- keystone: OpenStack identity service

Details:

Sam Stoelinga discovered that Keystone would not immediately invalidate
tokens when deleting users via the v2 API. A deleted user would be able to
continue to use resources until the token lifetime expired.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
  python-keystone                 1:2013.1-0ubuntu1.1

Ubuntu 12.10:
  python-keystone
2012.2.3+stable-20130206-82c87e56-0ubuntu2.1

Ubuntu 12.04 LTS:
  python-keystone
2012.1.3+stable-20130423-f48dd0fc-0ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1830-1
  CVE-2013-2059

Package Information:
  https://launchpad.net/ubuntu/+source/keystone/1:2013.1-0ubuntu1.1

https://launchpad.net/ubuntu/+source/keystone/2012.2.3+stable-20130206-82c87e56-0ubuntu2.1

https://launchpad.net/ubuntu/+source/keystone/2012.1.3+stable-20130423-f48dd0fc-0ubuntu1.1

Ubuntu 13.04 USN-1830-1 Critical: Keystone Network Access Threat

ubuntu
Calendar Grey May 16, 2013
Dist Ubuntu Esm H88
Security flaw in Keystone exposes unauthorized network entry; enhance your infrastructure to address this OpenStack vulnerability.
Keystone would allow unintended access over the network.

Summary

Topics%20covered

Topics Covered

security advisory update critical ubuntu network access resource access keystone

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 13.04: python-keystone 1:2013.1-0ubuntu1.1 Ubuntu 12.10: python-keystone 2012.2.3+stable-20130206-82c87e56-0ubuntu2.1 Ubuntu 12.04 LTS: python-keystone 2012.1.3+stable-20130423-f48dd0fc-0ubuntu1.1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-1830-1

CVE-2013-2059

Severity
critical
Lowest
Low
Medium
High
Critical

=========================================================================Ubuntu Security Notice USN-1830-1

Topics%20covered

Topics Covered

security advisory update critical ubuntu network access resource access keystone

Package Information

https://launchpad.net/ubuntu/+source/keystone/1:2013.1-0ubuntu1.1 https://launchpad.net/ubuntu/+source/keystone/2012.2.3+stable-20130206-82c87e56-0ubuntu2.1 https://launchpad.net/ubuntu/+source/keystone/2012.1.3+stable-20130423-f48dd0fc-0ubuntu1.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here