Описание
Security update for python-keystoneclient
The python-keystoneclient was updated to fix one security issues.
The following vulnerability was fixed:
- bsc#928205: S3Token TLS cert verification option not honored (CVE-2015-1852)
Список пакетов
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
python-keystoneclient-1.0.0-16.1
python-keystoneclient-doc-1.0.0-16.1
Ссылки
- Link for SUSE-SU-2015:1208-1
- E-Mail link for SUSE-SU-2015:1208-1
- SUSE Security Ratings
- SUSE Bug 928205
- SUSE CVE CVE-2015-1852 page
Описание
The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.
Затронутые продукты
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:python-keystoneclient-1.0.0-16.1
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:python-keystoneclient-doc-1.0.0-16.1
Ссылки
- CVE-2015-1852
- SUSE Bug 928205