=========================================================================Ubuntu Security Notice USN-4262-1
January 30, 2020

keystone vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.10

Summary:

OpenStack Keystone could be made to expose sensitive information over the
network.

Software Description:
- keystone: OpenStack identity service

Details:

Daniel Preussker discovered that OpenStack Keystone incorrectly handled the
list credentials API. A user with a role on the project could use this
issue to view any other user's credentials.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
  keystone                        2:16.0.0-0ubuntu1.1
  python3-keystone                2:16.0.0-0ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4262-1
  CVE-2019-19687

Package Information:
  https://launchpad.net/ubuntu/+source/keystone/2:16.0.0-0ubuntu1.1

Ubuntu 4262-1: OpenStack Keystone vulnerability

January 30, 2020
OpenStack Keystone could be made to expose sensitive information over the network.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10: keystone 2:16.0.0-0ubuntu1.1 python3-keystone 2:16.0.0-0ubuntu1.1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4262-1

CVE-2019-19687

Severity
January 30, 2020

Package Information

https://launchpad.net/ubuntu/+source/keystone/2:16.0.0-0ubuntu1.1

Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo