[ubuntu/bionic-updates] barbican 1:6.0.1-0ubuntu1.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Mon Apr 25 14:58:21 UTC 2022
barbican (1:6.0.1-0ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Access restrictions bypass
    - debian/patches/CVE-2022-23451.patch: Change access policies to
      secret metadata in barbican/common/policies/secretmeta.py. Add a new
      role in barbican/common/policies/base.py and make use of these changes
      in barbican/api/controllers/__init__.py,
      barbican/api/controllers/secretmeta.py and
      barbican/api/controllers/secrets.py.
    - debian/patches/CVE-2022-23451-post.patch: Change secret policies in
      barbican/common/policies/secrets.py, add tests in
      barbican/tests/api/test_resources_policy.py and
      functionaltests/api/v1/functional/test_secrets_rbac.py and update
      api guide in api-guide/source/acls.rst.
    - CVE-2022-23451
  * SECURITY UPDATE: Ownership bypass
    - debian/patches/CVE-2022-23452.patch: Update container secret policies
      in barbican/common/policies/containers.py and add a new role in
      barbican/common/policies/base.py.
    - CVE-2022-23452
Date: 2022-04-21 14:22:10.412851+00:00
Changed-By: Rodrigo Figueiredo Zaiden <rodrigo.zaiden at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/barbican/1:6.0.1-0ubuntu1.1