-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4679-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 06, 2020                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : keystone
CVE ID         : not yet available
Debian Bug     : 959900

A vulnerability was found in the EC2 credentials API of Keystone, the
OpenStack identity service: Any user authenticated within a limited
scope (trust/oauth/application credential) could create an EC2 credential
with an escalated permission, such as obtaining "admin" while
the user is on a limited "viewer" role.

For the stable distribution (buster), this problem has been fixed in
version 2:14.2.0-0+deb10u1.

We recommend that you upgrade your keystone packages.

For the detailed security status of keystone please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/keystone

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6zIwkACgkQEMKTtsN8
Tjb8fRAAi5rEWlp7Y4LzE7q/lI8R/622m/8nGve65O8FfnRJdp1jjkORvTSOuX7j
l5QH6x6juRwU9j6HhYtotcCi7HMIl3R9Xw75AHIZPor/evL+P2Ry8lVnXqui2qVj
BUMgjo7xJE8LBTrtXqI1dBfHi+4KHfwKYMG0MGvuBo4mWFCdwD5BioYjklcmdanS
2MxmCHxooQn+3ZYQE/fb0JIMUctp/qf/EUMyn/8IkvBk41Rac4yI2efLLl8TJGst
im+X8f/pZsnmP3uzYcNz3hsEDQUvM5dp6We9VJjSLG33hOBs0rj87fTyfPJbK1Az
i/uLpVu2oJ6/9U5bZrgelD3z5OzY/t6O2JEPq/GUUcQbc7In3ih7U9y0qnC96c9O
xHUgC5wXFdInVSU+fFLzmJNWViOCCyOfWszI7GJUQzOkbSgXBf8Q+nN6N1YgUDwO
KfSs1URlfWxl51a+6+JEtje0WFuSnjcgFNt9WGIU7MX7gby7G30Ob9RYfMtYIZqs
51PjA/OlWZz7sQOX4TMqyDtEVMl08/uO/ftHfS60xG7APAx/v+JFxWe9ErsFZjvp
/rzH6Hzzz4WvOSK7zXCkqr35gp/CSqdQi57miQQ8ele4ySeeLH9tKssd40xJKMKN
FEkBHgmKV+5FbuuXcNnfxYXRQcmt/0GkzGCDhNqx2H2TFj3rqw4=
=go1k
-----END PGP SIGNATURE-----