Red Hat: RHSA-2014:0113
Jan 30, 2014 - 12:00 a.m.

(RHSA-2014:0113) Moderate: openstack-keystone security update

2014-01-30 00:00:00
access.redhat.com

EPSS: 0.0004 (Low); percentile: 5.1%

The openstack-keystone packages provide keystone, a Python implementation
of the OpenStack Identity service API, which provides Identity, Token,
Catalog, and Policy services.

A flaw was discovered in the way the LDAP backend in keystone handled the
removal of a role. A user could unintentionally be granted a role if the
role being removed had not been previously granted to that user. Note that
only OpenStack Identity setups using an LDAP backend were affected.
(CVE-2013-4477)

All openstack-keystone users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.