SUSE-SU-2014:1219-1: moderate: Security update for openstack-keystone
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Sep 26 13:04:10 MDT 2014
SUSE Security Update: Security update for openstack-keystone
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:1219-1
Rating: moderate
References: #892095 #892097 #892099
Cross-References: CVE-2014-5251 CVE-2014-5252 CVE-2014-5253
Affected Products:
SUSE Cloud 4
______________________________________________________________________________
An update that fixes three vulnerabilities is now
available. It includes one version update.
Description:
This openstack-keystone update fixes the following security issues:
* bnc#892095: Token expiration date stored incorrectly. (CVE-2014-5252)
* bnc#892097: Revocation events are broken with MySQL. (CVE-2014-5251)
* bnc#892099: Domain-scoped tokens don't get revoked. (CVE-2014-5253)
Security Issues:
* CVE-2014-5251
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5251>
* CVE-2014-5252
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5252>
* CVE-2014-5253
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5253>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Cloud 4:
zypper in -t patch sleclo40sp3-openstack-keystone-9636
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Cloud 4 (x86_64) [New Version: 2014.1.3.dev3.gb812131]:
openstack-keystone-2014.1.3.dev3.gb812131-0.7.1
python-keystone-2014.1.3.dev3.gb812131-0.7.1
- SUSE Cloud 4 (noarch) [New Version: 2014.1.3.dev3.gb812131]:
openstack-keystone-doc-2014.1.3.dev3.gb812131-0.7.1
References:
http://support.novell.com/security/cve/CVE-2014-5251.html
http://support.novell.com/security/cve/CVE-2014-5252.html
http://support.novell.com/security/cve/CVE-2014-5253.html
https://bugzilla.suse.com/892095
https://bugzilla.suse.com/892097
https://bugzilla.suse.com/892099
http://download.suse.com/patch/finder/?keywords=0e8fec5bb9d4da67df0f3484184b5fe3
More information about the sle-security-updates
mailing list