SUSE-SU-2014:1219-1: moderate: Security update for openstack-keystone

sle-updates at sle-updates at
Fri Sep 26 13:04:10 MDT 2014

   SUSE Security Update: Security update for openstack-keystone

Announcement ID:    SUSE-SU-2014:1219-1
Rating:             moderate
References:         #892095 #892097 #892099 
Cross-References:   CVE-2014-5251 CVE-2014-5252 CVE-2014-5253
Affected Products:
                    SUSE Cloud 4

   An update that fixes three vulnerabilities is now
   available. It includes one version update.


   This openstack-keystone update fixes the following security issues:

       * bnc#892095: Token expiration date stored incorrectly. (CVE-2014-5252)
       * bnc#892097: Revocation events are broken with MySQL. (CVE-2014-5251)
       * bnc#892099: Domain-scoped tokens don't get revoked. (CVE-2014-5253)

   Security Issues:

       * CVE-2014-5251
       * CVE-2014-5252
       * CVE-2014-5253

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 4:

      zypper in -t patch sleclo40sp3-openstack-keystone-9636

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 4 (x86_64) [New Version: 2014.1.3.dev3.gb812131]:


   - SUSE Cloud 4 (noarch) [New Version: 2014.1.3.dev3.gb812131]:



More information about the sle-updates mailing list