Users have to upgrade the system in order to fix the problem

Dec 27, 2013 21:01 GMT

In a security notice, Canonical published details about an OpenStack Keystone vulnerability in its Ubuntu 13.10 (Saucy Salamander) operating system.

According to the company, Keystone access controls could have been circumvented via EC2-style tokens.

It has been discovered that Keystone did not properly enforce trusts when using the ec2tokens API. An authenticated attacker could have exploited this to retrieve a token not scoped to the trust and elevate privileges to the trustor's roles.

For a more detailed description of the problem, you can see Canonical's security notification.

The security flaw can be fixed by upgrading your system(s) to the latest python-keystone package specific to each distribution. To apply the update, run the Update Manager application.

In general, a standard system update will make all the necessary changes, and this time a system restart won't be necessary to implement them.