Bug 1071434 (CVE-2014-2237)
Summary: | CVE-2014-2237 openstack-keystone: trustee token revocation does not work with memcache backend | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | unspecified | CC: | aortega, apevec, apevec, ayoung, bfilippov, chrisw, dallan, d.busby, djorm, gkotton, gmollett, iheim, itamar, Jan.van.Eldik, jonathansteffan, jose.castro.leon, jrusnack, lhh, markmc, p, rbryant, rhos-maint, sclewis, yeylon |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2014-05-29 23:30:33 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1071493, 1071494, 1082418, 1085548 | | |
Bug Blocks: | 1039165, 1071436 | | |

Description
Vincent Danen
2014-02-28 19:17:47 UTC
This was assigned CVE-2014-2237:

http://seclists.org/oss-sec/2014/q1/463

Created openstack-keystone tracking bugs for this issue:

Affects: fedora-all [bug 1071493]

Official fixes have been released:

Icehouse (development branch) fix: https://review.openstack.org/60743

Havana fix: https://review.openstack.org/75521

Grizzly fix: https://review.openstack.org/75526

Notes: This fix will be included in the icehouse-3 development milestone and in future 2013.1.5 and 2013.2.3 releases.

This issue has been addressed in following products:

OpenStack 3 for RHEL 6

Via RHSA-2014:0368 https://rhn.redhat.com/errata/RHSA-2014-0368.html

openstack-keystone-2013.1.5-2.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.

openstack-keystone-2013.2.3-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.

This issue has been addressed in following products:

OpenStack 4 for RHEL 6

Via RHSA-2014:0580 https://rhn.redhat.com/errata/RHSA-2014-0580.html