Ubuntu Security Notice 3448-1 - Boris Bobrov discovered that OpenStack Keystone incorrectly handled federation mapping when there are rules in which group-based assignments are not used. A remote authenticated user may receive all the roles assigned to a project regardless of the federation mapping, contrary to expectations.
c17d9dfabe42e69aeb2a88ad9d00135975ba69cdd7efa593c4a28685c4d015ddRed Hat Security Advisory 2017-1597-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. The following packages have been upgraded to a later upstream version: openstack-keystone. Multiple security issues have been addressed.
7ce5a937781538a68f366244f4d415c9484ec8458131eb303ef5866f6bf3a4f0Red Hat Security Advisory 2017-1461-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. The following packages have been upgraded to a later upstream version: openstack-keystone. Multiple security issues have been addressed.
7d6c4ffd475ea30ae31b4f9eebfd936963f3c4b0fac5b38ff2ae1022fa243ac5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed