-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: openstack-keystone security update Advisory ID: RHSA-2019:4358-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2019:4358 Issue date: 2019-12-19 CVE Names: CVE-2019-19687 ==================================================================== 1. Summary: An update for openstack-keystone is now available for Red Hat OpenStack Platform 15 (Stein). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 15.0 - noarch 3. Description: The OpenStack Identity service (keystone) authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. Security Fix(es): * Credentials API allows non-admin to list and retrieve all users credentials (CVE-2019-19687) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1781470 - CVE-2019-19687 openstack-keystone: Credentials API allows non-admin to list and retrieve all users credentials 6. Package List: Red Hat OpenStack Platform 15.0: Source: openstack-keystone-15.0.1-0.20190720060412.5f27c4b.1.el8ost.src.rpm noarch: openstack-keystone-15.0.1-0.20190720060412.5f27c4b.1.el8ost.noarch.rpm python3-keystone-15.0.1-0.20190720060412.5f27c4b.1.el8ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-19687 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXfvPCtzjgjWX9erEAQhscA/+JPQtUDhyQwtzei16r9+RMXMNu9kzScZc ZaRJXZuF3nyG3qoOI2GPoS8Vn3oVvW2sHgpJczoWusW2tBtuupPK02ezuRFCNx31 i8PqIu9WYJL11UeCSrlyemIC6c0VR4K5+b/i+crmDvBoTzJLDL7TUb8EqznjhGhA lvFAvEGbAE2yM8YXMS/mMh/1VK8Mxo7jIYXLODr1rV6x1F+9SquYcnKC8ehMNfui ZuOlConk+cZtJuU29VR0d6JVNox9VQujT0nLyUyAJBE3ZMm5YgwBps9WGunTpTcJ UDWal2TMGEXxtE+LZrK4aeNoZvsKGVHxVYcry9zcKW94/k84krSW8PixUxZBNTXc xm+Dbk1twjsnnJq2nNL/FdujExs1O8YO30t5Ruy1oIYqKOShMkBhfhcnjLccytTf L4x3+n8vtFHTEreT5/Ie3QW5AVxUwsaWSxoMkg+9NyMEdbnVW5VIpuFJ6NlmilBC 4R4aMz5u0RRTxkElAgJVirQ9NogKNmUK1G/7O9LkBEMDUScWuqvTPIS18zrM7Kb+ Z/zGmD2ObTqP6x5zKSbvxYigqCdr0UzEz34zvlCi2qsbQereMwvTunNEebJTsayX RRt3Bjdyy1SBgLn1XvNDOS86MyNjM/Wu33Abv+f476luNT+1cnmj6ZfhprqiUYvQ XrjAwnHgF+w=XY9T -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce