Publié :: 2018-08-20
Mis à jour :: 2018-08-20

RHSA-2018:2523 - Security Advisory

Aperçu général
Paquets mis à jour

Synopsis

Important: openstack-keystone security and bug fix update

Type / Sévérité

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identifiez et remédiez aux systèmes concernés par cette alerte.

Voir les systèmes concernés

Sujet

An update for openstack-keystone is now available for Red Hat OpenStack Platform 12.0 (Pike).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The OpenStack Identity service (keystone) authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins.

Security Fix(es):

openstack-keystone: Information Exposure through /v3/OS-FEDERATION/projects (CVE-2018-14432)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Produits concernés

Red Hat OpenStack for IBM Power 12 ppc64le
Red Hat OpenStack 12 x86_64

Correctifs

BZ - 1577965 - Unable to dump policy using oslopolicy-policy-generator
BZ - 1592446 - Rebase openstack-keystone to 22af1d9
BZ - 1606868 - CVE-2018-14432 openstack-keystone: Information Exposure through /v3/OS-FEDERATION/projects

CVE

CVE-2018-14432

Références

https://access.redhat.com/security/updates/classification/#important

Remarque: Il existe peut-être des versions plus récentes de ces paquets. Cliquer sur un nom de paquet pour obtenir plus de détails.

Red Hat OpenStack for IBM Power 12

SRPM
openstack-keystone-12.0.0-6.el7ost.src.rpm	SHA-256: c392c0bd27c169d4e60cf9d44d98f0b7675272d3ade111502aaf3256ffc0b74f
ppc64le
openstack-keystone-12.0.0-6.el7ost.noarch.rpm	SHA-256: d4e4316bca6feafc148dc23b22998d9ec75d27526f231f6fb4844192257d5952
python-keystone-12.0.0-6.el7ost.noarch.rpm	SHA-256: 8fab6f120cc3eb0bd9776cca90cb07e7aba32905636d1ecab2e7f12d12218d7a
python-keystone-tests-12.0.0-6.el7ost.noarch.rpm	SHA-256: e5885cead0aa1fb0f017f8087a59e88a792d824a3fd45326bb7eec095ffabc43

Red Hat OpenStack 12

SRPM
openstack-keystone-12.0.0-6.el7ost.src.rpm	SHA-256: c392c0bd27c169d4e60cf9d44d98f0b7675272d3ade111502aaf3256ffc0b74f
x86_64
openstack-keystone-12.0.0-6.el7ost.noarch.rpm	SHA-256: d4e4316bca6feafc148dc23b22998d9ec75d27526f231f6fb4844192257d5952
python-keystone-12.0.0-6.el7ost.noarch.rpm	SHA-256: 8fab6f120cc3eb0bd9776cca90cb07e7aba32905636d1ecab2e7f12d12218d7a
python-keystone-tests-12.0.0-6.el7ost.noarch.rpm	SHA-256: e5885cead0aa1fb0f017f8087a59e88a792d824a3fd45326bb7eec095ffabc43

Le contact Red Hat Security est secalert@redhat.com. Plus d'infos contact à https://access.redhat.com/security/team/contact/.

Sélectionnez la langue

Infrastructure et gestion

Informatique Cloud

Stockage

Runtimes

Intégration et automatisation