keystone 2:13.0.4-0ubuntu1 source package in Ubuntu
Changelog
keystone (2:13.0.4-0ubuntu1) bionic-security; urgency=medium [ Chris MacNaughton ] * d/watch: Update to point at opendev.org. * New stable point release for OpenStack Queens (LP: #1893234). - d/p/0001-fixing-dn-to-id.patch: Dropped. Fixed in upstream release. [ Corey Bryant ] * SECURITY UPDATE: EC2 and/or credential endpoints are not protected from a scoped context. Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID. - debian/patches/CVE-2020-12689-CVE-2020-12691.patch: Fix security issues with EC2 credentials, addressing several issues in the creation and use of EC2/S3 credentials with keystone tokens. - CVE-2020-12689, CVE-2020-12691 * SECURITY UPDATE: OAuth1 request token authorize silently ignores roles parameter. - debian/patches/CVE-2020-12690.patch: Ensure OAuth1 authorized roles are respected. - CVE-2020-12691 * SECURITY UPDATE: Keystone doesn't check signature TTL of the EC2 credential auth method. - debian/patches/CVE-2020-12692.patch: Check timestamp of signed EC2 token request. - CVE-2020-12692 -- Corey Bryant <email address hidden> Fri, 28 Aug 2020 09:29:34 -0400
Upload details
- Uploaded by:
- Corey Bryant
- Sponsored by:
- Marc Deslauriers
- Uploaded to:
- Bionic
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- net
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section | |
---|---|---|---|---|
Bionic | updates | main | net | |
Bionic | security | main | net |
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
keystone_13.0.4.orig.tar.gz | 1.4 MiB | 6aa728c6827c62fbc44dbb8aae459de02f0f090eefceb4f1410974ae13d03aaf |
keystone_13.0.4-0ubuntu1.debian.tar.xz | 29.6 KiB | 2aab126e6f91e2f20de3132e24ff94c7ed6bfc2186d5dd7875de485003d0e1c7 |
keystone_13.0.4-0ubuntu1.dsc | 3.9 KiB | 6f68e94fc2fa594cfa030cd7bf5061f9c8bcdffddf2ceded4777ff834985eb49 |
Available diffs
Binary packages built by this source
- keystone: OpenStack identity service - Daemons
Keystone is a proposed independent authentication service for OpenStack.
.
This initial proof of concept aims to address the current use cases in Swift
and Nova which are:
.
* REST-based, token auth for Swift
* many-to-many relationship between identity and tenant for Nova. Keystone
does authentication and stuff
.
This package contains the daemons.
- keystone-doc: OpenStack identity service - Documentation
Keystone is a proposed independent authentication service for OpenStack.
.
This initial proof of concept aims to address the current use cases in Swift
and Nova which are:
.
* REST-based, token auth for Swift
* many-to-many relationship between identity and tenant for Nova. Keystone
does authentication and stuff
.
This package contains the documentation.
- python-keystone: OpenStack identity service - Python library
Keystone is a proposed independent authentication service for OpenStack.
.
This initial proof of concept aims to address the current use cases in Swift
and Nova which are:
.
* REST-based, token auth for Swift
* many-to-many relationship between identity and tenant for Nova. Keystone
does authentication and stuff
.
This package contains the Python libraries.