what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Security Advisory 4679-1

Debian Security Advisory 4679-1
Posted May 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4679-1 - A vulnerability was found in the EC2 credentials API of Keystone, the scope (trust/oauth/application credential) could create an EC2 credential with an escalated permission, such as obtaining "admin" while the user is on a limited "viewer" role.

tags | advisory
systems | linux, debian
SHA-256 | 57abffa4201ffff7ed9e3092133cdd1fe8625030c63993ef966787f79303370f

Debian Security Advisory 4679-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4679-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 06, 2020 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : keystone
CVE ID : not yet available
Debian Bug : 959900

A vulnerability was found in the EC2 credentials API of Keystone, the
OpenStack identity service: Any user authenticated within a limited
scope (trust/oauth/application credential) could create an EC2 credential
with an escalated permission, such as obtaining "admin" while
the user is on a limited "viewer" role.

For the stable distribution (buster), this problem has been fixed in
version 2:14.2.0-0+deb10u1.

We recommend that you upgrade your keystone packages.

For the detailed security status of keystone please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/keystone

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6zIwkACgkQEMKTtsN8
Tjb8fRAAi5rEWlp7Y4LzE7q/lI8R/622m/8nGve65O8FfnRJdp1jjkORvTSOuX7j
l5QH6x6juRwU9j6HhYtotcCi7HMIl3R9Xw75AHIZPor/evL+P2Ry8lVnXqui2qVj
BUMgjo7xJE8LBTrtXqI1dBfHi+4KHfwKYMG0MGvuBo4mWFCdwD5BioYjklcmdanS
2MxmCHxooQn+3ZYQE/fb0JIMUctp/qf/EUMyn/8IkvBk41Rac4yI2efLLl8TJGst
im+X8f/pZsnmP3uzYcNz3hsEDQUvM5dp6We9VJjSLG33hOBs0rj87fTyfPJbK1Az
i/uLpVu2oJ6/9U5bZrgelD3z5OzY/t6O2JEPq/GUUcQbc7In3ih7U9y0qnC96c9O
xHUgC5wXFdInVSU+fFLzmJNWViOCCyOfWszI7GJUQzOkbSgXBf8Q+nN6N1YgUDwO
KfSs1URlfWxl51a+6+JEtje0WFuSnjcgFNt9WGIU7MX7gby7G30Ob9RYfMtYIZqs
51PjA/OlWZz7sQOX4TMqyDtEVMl08/uO/ftHfS60xG7APAx/v+JFxWe9ErsFZjvp
/rzH6Hzzz4WvOSK7zXCkqr35gp/CSqdQi57miQQ8ele4ySeeLH9tKssd40xJKMKN
FEkBHgmKV+5FbuuXcNnfxYXRQcmt/0GkzGCDhNqx2H2TFj3rqw4=
=go1k
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    14 Files
  • 15
    Oct 15th
    49 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close