The openstack-keystone packages provide Keystone, a Python implementation
of the OpenStack identity service API, which provides Identity, Token,
Catalog, and Policy services.
These updated packages have been upgraded to upstream version 2012.2.4,
which provides a number of bug fixes over the previous version. (BZ#950132)
This update also fixes the following security issue:
In environments using LDAP (Lightweight Directory Access Protocol), if
debug-level logging was enabled (for example, by enabling it in
“/etc/keystone/keystone.conf”), the LDAP server password was logged in
plain text to a world-readable log file. Debug-level logging is not enabled
by default. (CVE-2013-2006)
Additionally, this update also fixes the following bugs:
If the Keystone service incurred an HTTP error as a result of a transient
network error, authentication tokens were listed as invalid. With this
update, the Keystone service will now retry requests a few times before
failing, which masks transient network errors. (BZ#919526)
The “/var/log/keystone/” directory was world-readable. With this update,
world-read permissions have been removed. (BZ#956474)
All users of openstack-keystone are advised to upgrade to these updated
packages, which correct these issues. After installing the updated
packages, the Keystone service (openstack-keystone) will be restarted
automatically.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | src | openstack-keystone | < 2012.2.4-2.el6ost | openstack-keystone-2012.2.4-2.el6ost.src.rpm |
RedHat | 6 | noarch | openstack-keystone | < 2012.2.4-2.el6ost | openstack-keystone-2012.2.4-2.el6ost.noarch.rpm |
RedHat | 6 | noarch | openstack-keystone-doc | < 2012.2.4-2.el6ost | openstack-keystone-doc-2012.2.4-2.el6ost.noarch.rpm |
RedHat | 6 | noarch | python-keystone | < 2012.2.4-2.el6ost | python-keystone-2012.2.4-2.el6ost.noarch.rpm |