OpenStack Keystone Vulnerability Fixed in Ubuntu 12.10 and Ubuntu 12.04

In order to repair the problem, users will have to upgrade the operating system

By on February 21st, 2013 10:25 GMT

On February 20, in a security notice Canonical published details about OpenStack Keystone vulnerabilities for its Ubuntu 12.10 and Ubuntu 12.04 operating systems.

According to Canonical, Keystone could be made to crash or expose sensitive information over the network.

For example, it was discovered that Keystone did not properly verify disabled users. An authenticated (disabled user), would continue to have access rights that were removed.

For a more detailed description of the security problems, you can visit Canonical's security notification.

The security flaws can be fixed if you upgrade your system(s) to the latest python-keystone package, specific to each distribution. To apply the update, run the Update Manager application.

In general, a standard system update will make all the necessary changes. A system restart will not be necessary to implement the changes.

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

Comments