UbuntuUpdates.org

Package "keystone-doc"

Name: keystone-doc

Description:

OpenStack identity service - Documentation

Latest version: 2:13.0.4-0ubuntu1
Release: bionic (18.04)
Level: updates
Repository: main
Head package: keystone
Homepage: http://launchpad.net/keystone

Other versions of "keystone-doc" in Bionic

Repository Area Version
base main 2:13.0.0-0ubuntu1
security main 2:13.0.4-0ubuntu1

Changelog

Version: 2:13.0.4-0ubuntu1 2020-09-01 13:07:05 UTC

  keystone (2:13.0.4-0ubuntu1) bionic-security; urgency=medium

  [ Chris MacNaughton ]
  * d/watch: Update to point at opendev.org.
  * New stable point release for OpenStack Queens (LP: #1893234).
    - d/p/0001-fixing-dn-to-id.patch: Dropped. Fixed in upstream
      release.

  [ Corey Bryant ]
  * SECURITY UPDATE: EC2 and/or credential endpoints are not protected
    from a scoped context. Keystone V3 /credentials endpoint policy
    logic allows to change credentials owner or target project ID.
    - debian/patches/CVE-2020-12689-CVE-2020-12691.patch: Fix security
      issues with EC2 credentials, addressing several issues in the
      creation and use of EC2/S3 credentials with keystone tokens.
    - CVE-2020-12689, CVE-2020-12691
  * SECURITY UPDATE: OAuth1 request token authorize silently ignores
    roles parameter.
    - debian/patches/CVE-2020-12690.patch: Ensure OAuth1 authorized
      roles are respected.
    - CVE-2020-12691
  * SECURITY UPDATE: Keystone doesn't check signature TTL of the EC2
    credential auth method.
    - debian/patches/CVE-2020-12692.patch: Check timestamp of signed
      EC2 token request.
    - CVE-2020-12692

 -- Corey Bryant <email address hidden> Fri, 28 Aug 2020 09:29:34 -0400

CVE-2020-12689 An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application crede
CVE-2020-12691 An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a pro
CVE-2020-12690 An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. T
CVE-2020-12692 An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An atta

Version: 2:13.0.2-0ubuntu3 2020-01-15 02:06:40 UTC

  keystone (2:13.0.2-0ubuntu3) bionic; urgency=medium

  * d/p/0002-fixing-dn-to-id.patch: Dropped. This patch shouldn't have
    been backported to stable/queens (LP: #1850634).

 -- Corey Bryant <email address hidden> Wed, 30 Oct 2019 08:55:58 -0400

1850634 queens regression: _dn_to_id() not using utf8_encode/decode

Version: 2:13.0.2-0ubuntu1 2018-12-18 23:06:46 UTC

  keystone (2:13.0.2-0ubuntu1) bionic; urgency=medium

  * New stable point release for OpenStack Queens (LP: #1806043).

 -- Corey Bryant <email address hidden> Mon, 03 Dec 2018 09:16:03 -0500

Version: 2:13.0.1-0ubuntu1 2018-11-13 18:07:03 UTC

  keystone (2:13.0.1-0ubuntu1) bionic; urgency=medium

  * d/gbp.conf: Create stable/queens branch.
  * New stable point release for OpenStack Queens (LP: #1795424).
  * d/p/msgpack-python-compat.patch: Dropped as package has since been renamed
    to python-msgpack instead of msgpack-python.

 -- Corey Bryant <email address hidden> Mon, 01 Oct 2018 11:39:45 -0400



