Bug 968328
Summary: | CVE-2013-2104 OpenStack Keystone: Missing expiration check in Keystone PKI token validation [fedora-18] | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | openstack-keystone | Assignee: | Alan Pevec (Fedora) <apevec> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 18 | CC: | apevec, apevec, bfilippov, breu, Jan.van.Eldik, jlieskov, jonathansteffan, jose.castro.leon, markmc, p, rbryant |
Target Milestone: | --- | Keywords: | Security, SecurityTracking |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | openstack-keystone-2012.2.4-5.fc18 | Doc Type: | Release Note |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2013-08-09 17:00:31 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 965852 |
Description
Jan Lieskovsky
2013-05-29 13:20:47 UTC
Please use the following update submission link to create the Bodhi request for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable.

Please also ensure that the "Close bugs when update is stable" option remains checked.

Bodhi update submission link: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=965852,968328

Note that fix is in F18 openstack-keystone (Folsom) and in F19 python-keystoneclient (Grizzly).
Should I use this BZ# for both or you prefer to create separate f18/f19 clones?

(In reply to Alan Pevec from comment #2)
> Note that fix is in F18 openstack-keystone (Folsom) and in F19
> python-keystoneclient (Grizzly).
> Should I use this BZ# for both or you prefer to create separate f18/f19
> clones?

Alan, python-keystoneclient in Fedora-19 has been already updated by Jakub:
http://koji.fedoraproject.org/koji/buildinfo?buildID=422736

, wasn't it? Or is the above just to have child bug for Bodhi update request? If so, I would create one for you, just let me know.

(In reply to Jan Lieskovsky from comment #3)
> Alan, python-keystoneclient in Fedora-19 has been already updated by Jakub:
> http://koji.fedoraproject.org/koji/buildinfo?buildID=422736
>
> , wasn't it? Or is the above just to have child bug for Bodhi update request?

Yes, please create new F19/python-keystoneclient clone to push python-keystoneclient-0.2.3-4.fc19 update, I'm changing this one from fedora-all to fedora-18

(In reply to Alan Pevec from comment #4)
> (In reply to Jan Lieskovsky from comment #3)
> > Alan, python-keystoneclient in Fedora-19 has been already updated by Jakub:
> > http://koji.fedoraproject.org/koji/buildinfo?buildID=422736
> >
> > , wasn't it? Or is the above just to have child bug for Bodhi update request?
>
> Yes, please create new F19/python-keystoneclient clone to push
> python-keystoneclient-0.2.3-4.fc19 update, I'm changing this one from
> fedora-all to fedora-18

python-keystoneclient child bugs for both Fedora Rawhide and Fedora EPEL-6 now created:
https://bugzilla.redhat.com/show_bug.cgi?id=965852#c11

python-keystoneclient versions in Fedora 17 and Fedora 18 weren't affected by this problem yet.

Let me know if you need anything else.

openstack-keystone-2012.2.4-4.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/openstack-keystone-2012.2.4-4.fc18

Package openstack-keystone-2012.2.4-4.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
    # su -c 'yum update --enablerepo=updates-testing openstack-keystone-2012.2.4-4.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-10713/openstack-keystone-2012.2.4-4.fc18
then log in and leave karma (feedback).

Package openstack-keystone-2012.2.4-5.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
    # su -c 'yum update --enablerepo=updates-testing openstack-keystone-2012.2.4-5.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-10713/openstack-keystone-2012.2.4-5.fc18
then log in and leave karma (feedback).

openstack-keystone-2012.2.4-5.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.