[ubuntu-cloud-archive/folsom-proposed] keystone (Accepted)
James Page
james.page at ubuntu.com
Sat Jun 15 19:02:52 UTC 2013
keystone (2012.2.4-0ubuntu3.1~cloud0) precise-folsom; urgency=low
.
  * New security update for the Ubuntu Cloud Archive.
.
keystone (2012.2.4-0ubuntu3.1) quantal-security; urgency=low
.
  * SECURITY UPDATE: fix auth_token middleware neglects to check expiry of
    signed token when using PKI
    - debian/patches/CVE-2013-2104.patch: explicitly check the expiry on the
      tokens, and reject tokens that have expired. Also update test data
    - CVE-2013-2104
    - LP: #1179615
  * debian/patches/fix-testsuite-for-2038-problem.patch: Adjust json example
    cert data to use 2037 instead of 2112 and regenerate the certs. Also
    adjust token expiry data to use 2037 instead of 2999.
  * SECURITY UPDATE: fix authentication bypass when using LDAP backend
    - debian/patches/CVE-2013-2157.patch: identity/backends/ldap/core.py is
      adjusted to raise an assertion for invalid password when using LDAP and
      an empty password is submitted
    - CVE-2013-2157
    - LP: #1187305
Date: Fri, 14 Jun 2013 12:24:23 -0700
Changed-By: Adam Gandelman <adamg at ubuntu.com>
Signed-By: Adam Gandelman
Published-By: James Page <james.page at ubuntu.com>