
Ubuntu 18.04 LTS USN-4480-1 Critical: Keystone Auth Issues

September 1, 2020
Ubuntu 18.04 LTS Glance security patch resolves multiple elevation of privilege vulnerabilities.

Summary

Several security issues were fixed in OpenStack Keystone.

Software Description:

- keystone: OpenStack identity service

Details:

It was discovered that OpenStack Keystone incorrectly handled EC2 credentials. An authenticated attacker with a limited scope could possibly create EC2 credentials with escalated permissions. (CVE-2020-12689, CVE-2020-12691)

It was discovered that OpenStack Keystone incorrectly handled the list of roles provided with OAuth1 access tokens. An authenticated user could possibly end up with more role assignments than intended. (CVE-2020-12690)

It was discovered that OpenStack Keystone incorrectly handled EC2 signature TTL checks. A remote attacker could possibly use this issue to reuse Authorization headers. (CVE-2020-12692)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  keystone                        2:13.0.4-0ubuntu1
  python-keystone                 2:13.0.4-0ubuntu1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4480-1

CVE-2020-12689, CVE-2020-12690, CVE-2020-12691, CVE-2020-12692

Severity
critical

September 01, 2020
