Publishing details

Published on 2020-09-10

Changelog

keystone (2:13.0.4-0ubuntu1~cloud0) xenial-queens; urgency=medium

  * New update for the Ubuntu Cloud Archive.

keystone (2:13.0.4-0ubuntu1) bionic-security; urgency=medium

  [ Chris MacNaughton ]
  * d/watch: Update to point at opendev.org.
  * New stable point release for OpenStack Queens (LP: #1893234).
    - d/p/0001-fixing-dn-to-id.patch: Dropped. Fixed in upstream
      release.

  [ Corey Bryant ]
  * SECURITY UPDATE: EC2 and/or credential endpoints are not protected
    from a scoped context. Keystone V3 /credentials endpoint policy
    logic allows to change credentials owner or target project ID.
    - debian/patches/CVE-2020-12689-CVE-2020-12691.patch: Fix security
      issues with EC2 credentials, addressing several issues in the
      creation and use of EC2/S3 credentials with keystone tokens.
    - CVE-2020-12689, CVE-2020-12691
  * SECURITY UPDATE: OAuth1 request token authorize silently ignores
    roles parameter.
    - debian/patches/CVE-2020-12690.patch: Ensure OAuth1 authorized
      roles are respected.
    - CVE-2020-12691
  * SECURITY UPDATE: Keystone doesn't check signature TTL of the EC2
    credential auth method.
    - debian/patches/CVE-2020-12692.patch: Check timestamp of signed
      EC2 token request.
    - CVE-2020-12692

 -- Openstack Ubuntu Testing Bot <email address hidden>  Thu, 10 Sep 2020 07:14:38 +0000

Available diffs

diff from 2:13.0.2-0ubuntu3~cloud0 to 2:13.0.4-0ubuntu1~cloud0 (26.2 KiB)

Builds

amd64

Built packages

keystone OpenStack identity service - Daemons

keystone-doc OpenStack identity service - Documentation

python-keystone OpenStack identity service - Python library

Package files

keystone-doc_13.0.4-0ubuntu1~cloud0_all.deb (2.3 MiB)
keystone_13.0.4-0ubuntu1~cloud0.debian.tar.xz (29.8 KiB)
keystone_13.0.4-0ubuntu1~cloud0.dsc (3.9 KiB)
keystone_13.0.4-0ubuntu1~cloud0_all.deb (54.6 KiB)
keystone_13.0.4.orig.tar.gz (1.4 MiB)
python-keystone_13.0.4-0ubuntu1~cloud0_all.deb (663.5 KiB)