Tuesday, February 5, 2013

[USN-1715-1] OpenStack Keystone vulnerability

==========================================================================
Ubuntu Security Notice USN-1715-1
February 05, 2013

keystone vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

Keystone could be made to fill server disks with error messages.

Software Description:
- keystone: OpenStack identity service

Details:

Dan Prince discovered that Keystone did not properly perform input
validation when handling certain error conditions. An unauthenticated user
could exploit this to cause a denial of service in Keystone API servers via
disk space exhaustion.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
python-keystone 2012.2.1-0ubuntu1.1

Ubuntu 12.04 LTS:
python-keystone 2012.1+stable~20120824-a16a0ab9-0ubuntu2.4

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1715-1
CVE-2013-0247

Package Information:
https://launchpad.net/ubuntu/+source/keystone/2012.2.1-0ubuntu1.1

https://launchpad.net/ubuntu/+source/keystone/2012.1+stable~20120824-a16a0ab9-0ubuntu2.4
