keystone 2:13.0.4-0ubuntu1 source package in Ubuntu

Changelog

keystone (2:13.0.4-0ubuntu1) bionic-security; urgency=medium

  [ Chris MacNaughton ]
  * d/watch: Update to point at opendev.org.
  * New stable point release for OpenStack Queens (LP: #1893234).
    - d/p/0001-fixing-dn-to-id.patch: Dropped. Fixed in upstream
      release.

  [ Corey Bryant ]
  * SECURITY UPDATE: EC2 and/or credential endpoints are not protected
    from a scoped context. Keystone V3 /credentials endpoint policy
    logic allows changing the credentials owner or target project ID.
    - debian/patches/CVE-2020-12689-CVE-2020-12691.patch: Fix security
      issues with EC2 credentials, addressing several issues in the
      creation and use of EC2/S3 credentials with keystone tokens.
    - CVE-2020-12689, CVE-2020-12691
  * SECURITY UPDATE: OAuth1 request token authorize silently ignores
    roles parameter.
    - debian/patches/CVE-2020-12690.patch: Ensure OAuth1 authorized
      roles are respected.
    - CVE-2020-12691
  * SECURITY UPDATE: Keystone doesn't check signature TTL of the EC2
    credential auth method.
    - debian/patches/CVE-2020-12692.patch: Check timestamp of signed
      EC2 token request.
    - CVE-2020-12692

 -- Corey Bryant <email address hidden>  Fri, 28 Aug 2020 09:29:34 -0400

Upload details

Uploaded by: Corey Bryant
Sponsored by: Marc Deslauriers
Uploaded to: Bionic
Original maintainer: Ubuntu Developers
Architectures: all
Section: net
Urgency: Medium Urgency

Publishing

Series Pocket Published Component Section
Bionic updates main net
Bionic security main net

Builds

Bionic: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
keystone_13.0.4.orig.tar.gz 1.4 MiB 6aa728c6827c62fbc44dbb8aae459de02f0f090eefceb4f1410974ae13d03aaf
keystone_13.0.4-0ubuntu1.debian.tar.xz 29.6 KiB 2aab126e6f91e2f20de3132e24ff94c7ed6bfc2186d5dd7875de485003d0e1c7
keystone_13.0.4-0ubuntu1.dsc 3.9 KiB 6f68e94fc2fa594cfa030cd7bf5061f9c8bcdffddf2ceded4777ff834985eb49

Binary packages built by this source

keystone: OpenStack identity service - Daemons

 Keystone is a proposed independent authentication service for OpenStack.
 .
 This initial proof of concept aims to address the current use cases in Swift
 and Nova which are:
 .
  * REST-based, token auth for Swift
  * many-to-many relationship between identity and tenant for Nova. Keystone
    does authentication and stuff
 .
 This package contains the daemons.

keystone-doc: OpenStack identity service - Documentation

 Keystone is a proposed independent authentication service for OpenStack.
 .
 This initial proof of concept aims to address the current use cases in Swift
 and Nova which are:
 .
  * REST-based, token auth for Swift
  * many-to-many relationship between identity and tenant for Nova. Keystone
    does authentication and stuff
 .
 This package contains the documentation.

python-keystone: OpenStack identity service - Python library

 Keystone is a proposed independent authentication service for OpenStack.
 .
 This initial proof of concept aims to address the current use cases in Swift
 and Nova which are:
 .
  * REST-based, token auth for Swift
  * many-to-many relationship between identity and tenant for Nova. Keystone
    does authentication and stuff
 .
 This package contains the Python libraries.