SUSE-SU-2014:1219-1: moderate: Security update for openstack-keystone

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Sep 26 13:04:10 MDT 2014 

   SUSE Security Update: Security update for openstack-keystone
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1219-1
Rating:             moderate
References:         #892095 #892097 #892099 
Cross-References:   CVE-2014-5251 CVE-2014-5252 CVE-2014-5253
                   
Affected Products:
                    SUSE Cloud 4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now
   available. It includes one version update.

Description:


   This openstack-keystone update fixes the following security issues:

       * bnc#892095: Token expiration date stored incorrectly. (CVE-2014-5252)
       * bnc#892097: Revocation events are broken with MySQL. (CVE-2014-5251)
       * bnc#892099: Domain-scoped tokens don't get revoked. (CVE-2014-5253)

   Security Issues:

       * CVE-2014-5251
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5251>
       * CVE-2014-5252
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5252>
       * CVE-2014-5253
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5253>


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 4:

      zypper in -t patch sleclo40sp3-openstack-keystone-9636

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Cloud 4 (x86_64) [New Version: 2014.1.3.dev3.gb812131]:

      openstack-keystone-2014.1.3.dev3.gb812131-0.7.1
      python-keystone-2014.1.3.dev3.gb812131-0.7.1

   - SUSE Cloud 4 (noarch) [New Version: 2014.1.3.dev3.gb812131]:

      openstack-keystone-doc-2014.1.3.dev3.gb812131-0.7.1


References:

   http://support.novell.com/security/cve/CVE-2014-5251.html
   http://support.novell.com/security/cve/CVE-2014-5252.html
   http://support.novell.com/security/cve/CVE-2014-5253.html
   https://bugzilla.suse.com/892095
   https://bugzilla.suse.com/892097
   https://bugzilla.suse.com/892099
   http://download.suse.com/patch/finder/?keywords=0e8fec5bb9d4da67df0f3484184b5fe3

More information about the sle-security-updates mailing list