Ubuntu Security Notice 3448-1 - Boris Bobrov discovered that OpenStack Keystone incorrectly handled federation mapping when there are rules in which group-based assignments are not used. A remote authenticated user may receive all the roles assigned to a project regardless of the federation mapping, contrary to expectations.
c17d9dfabe42e69aeb2a88ad9d00135975ba69cdd7efa593c4a28685c4d015dd
Red Hat Security Advisory 2017-1597-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. The following packages have been upgraded to a later upstream version: openstack-keystone. Multiple security issues have been addressed.
7ce5a937781538a68f366244f4d415c9484ec8458131eb303ef5866f6bf3a4f0
Red Hat Security Advisory 2017-1461-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. The following packages have been upgraded to a later upstream version: openstack-keystone. Multiple security issues have been addressed.
7d6c4ffd475ea30ae31b4f9eebfd936963f3c4b0fac5b38ff2ae1022fa243ac5