Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 545
Alerts This Week
Warning Icon 1 545

Ubuntu 14.04 LTS USN-2406-1 Critical: OpenStack Keystone Info Exposure

ubuntu
Calendar Grey November 11, 2014
Scroller Ubuntu Esm H88
Security Update for Ubuntu 14.04 LTS concerning the OpenStack Keystone vulnerability, which may inadvertently expose confidential information via the network.
OpenStack Keystone could be made to expose sensitive information over the network.

Summary

OpenStack Keystone could be made to expose sensitive information over the

network.

Software Description:

- keystone: OpenStack identity service

Details:

Brant Knudson discovered that OpenStack Keystone did not properly perform

input sanitization when performing endpoint catalog substitution. A remote

attacker with privileged access for creating endpoints could exploit this

to obtain sensitive information.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  python-keystone                 1:2014.1.3-0ubuntu2.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2406-1

CVE-2014-3621

Severity
critical
Lowest
Low
Medium
High
Critical

=========================================================================Ubuntu Security Notice USN-2406-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.