SUSE-SU-2014:0163-1: moderate: Security update for openstack-keystone

sle-security-updates at sle-security-updates at
Thu Jan 30 14:05:15 MST 2014

   SUSE Security Update: Security update for openstack-keystone

Announcement ID:    SUSE-SU-2014:0163-1
Rating:             moderate
References:         #837800 #839876 #843443 #848066 
Cross-References:   CVE-2013-4222 CVE-2013-4477
Affected Products:
                    SUSE Cloud 2.0

   An update that solves two vulnerabilities and has two fixes
   is now available. It includes one version update.


   This version update fixes the following security issues:

   * remove role assignment adds role using LDAP
   assignment (CVE-2013-4477)
   * revoke user tokens when disabling/deleting a project

   Security Issue references:

   * CVE-2013-4477
   * CVE-2013-4222


   Everybody should update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 2.0:

      zypper in -t patch sleclo20sp3-openstack-keystone-8675

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 2.0 (x86_64) [New Version: 2013.1.5.a2.g82dcde0]:


   - SUSE Cloud 2.0 (noarch) [New Version: 2013.1.5.a2.g82dcde0]:



More information about the sle-security-updates mailing list