SUSE-SU-2014:0163-1: moderate: Security update for openstack-keystone

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Jan 30 14:05:15 MST 2014 

   SUSE Security Update: Security update for openstack-keystone
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0163-1
Rating:             moderate
References:         #837800 #839876 #843443 #848066 
Cross-References:   CVE-2013-4222 CVE-2013-4477
Affected Products:
                    SUSE Cloud 2.0
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes
   is now available. It includes one version update.

Description:


   This version update fixes the following security issues:

   * remove role assignment adds role using LDAP
   assignment (CVE-2013-4477)
   * revoke user tokens when disabling/deleting a project
   (CVE-2013-4222)

   Security Issue references:

   * CVE-2013-4477
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477
   >
   * CVE-2013-4222
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4222
   >

Indications:

   Everybody should update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 2.0:

      zypper in -t patch sleclo20sp3-openstack-keystone-8675

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Cloud 2.0 (x86_64) [New Version: 2013.1.5.a2.g82dcde0]:

      openstack-keystone-2013.1.5.a2.g82dcde0-0.7.1
      python-keystone-2013.1.5.a2.g82dcde0-0.7.1

   - SUSE Cloud 2.0 (noarch) [New Version: 2013.1.5.a2.g82dcde0]:

      openstack-keystone-doc-2013.1.5.a2.g82dcde0-0.7.1


References:

   http://support.novell.com/security/cve/CVE-2013-4222.html
   http://support.novell.com/security/cve/CVE-2013-4477.html
   https://bugzilla.novell.com/837800
   https://bugzilla.novell.com/839876
   https://bugzilla.novell.com/843443
   https://bugzilla.novell.com/848066
   http://download.novell.com/patch/finder/?keywords=3ac1770b48f8df2913e60fe8fc0e81ab

More information about the sle-security-updates mailing list