The openstack-keystone packages provide keystone, a Python implementation
of the OpenStack Identity service API, which provides Identity, Token,
Catalog, and Policy services.

A flaw was discovered in the way the LDAP backend in keystone handled the
removal of a role. A user could unintentionally be granted a role if the
role being removed had not been previously granted to that user. Note that
only OpenStack Identity setups using an LDAP backend were affected.
(CVE-2013-4477)

All openstack-keystone users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | noarch | python-keystone | < 2013.1.4-2.el6ost | python-keystone-2013.1.4-2.el6ost.noarch.rpm |
RedHat | 6 | noarch | openstack-keystone-doc | < 2013.1.4-2.el6ost | openstack-keystone-doc-2013.1.4-2.el6ost.noarch.rpm |
RedHat | 6 | src | openstack-keystone | < 2013.1.4-2.el6ost | openstack-keystone-2013.1.4-2.el6ost.src.rpm |
RedHat | 6 | noarch | openstack-keystone | < 2013.1.4-2.el6ost | openstack-keystone-2013.1.4-2.el6ost.noarch.rpm |
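
To check a host against the table above, the following added example (not part of the advisory or of any Red Hat tooling) compares installed keystone package versions with the fixed build 2013.1.4-2.el6ost. It assumes input produced by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`, packages without an epoch, and a simplified version comparison that ignores rpm's `~` and `^` rules; the sample input and the names `rpmvercmp`, `evr_cmp` and `audit` are constructed for illustration.

```python
import re

# Fixed build taken from the advisory's package table.
FIXED = "2013.1.4-2.el6ost"
PACKAGES = ("python-keystone", "openstack-keystone", "openstack-keystone-doc")

# rpm compares runs of digits or letters; anything else is only a separator.
SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1 (no '~' or '^' handling)."""
    sa, sb = SEG.findall(a), SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)  # numeric compare, so 10 > 4
        elif x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings (assumption: no epoch is set)."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def audit(rpm_output):
    # Input: lines of "<name> <version>-<release>".
    # Output: {package: True if older than the fixed build}.
    result = {}
    for line in rpm_output.splitlines():
        name, _, evr = line.strip().partition(" ")
        if name in PACKAGES:
            result[name] = evr_cmp(evr, FIXED) < 0
    return result

# Constructed sample input, not output from a real host.
SAMPLE = """\
python-keystone 2013.1.3-2.el6ost
openstack-keystone 2013.1.4-2.el6ost
openstack-keystone-doc 2013.1.4-1.el6ost
unrelated-package 1.0-1.el6
"""

if __name__ == "__main__":
    for pkg, needs_update in sorted(audit(SAMPLE).items()):
        print(pkg, "NEEDS UPDATE" if needs_update else "ok")
```

A package reported as needing an update matters only on deployments that use the LDAP backend, since the advisory states that other setups were not affected.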