Описание
Security update for python modules
This update for several python modules provides the following security fix and improvements.
-
python-keystonemiddleware:
- Fix s3_token middleware parsing insecure option (bsc#928205, CVE-2015-1852)
-
python-novaclient:
- Update novaclient shell to use shared arguments from Session (bnc#933758)
- Support using the Keystone V3 API from the Nova CLI (bnc#933758)
-
python-swiftclient:
- Add dependency to python-setuptools (bnc#914910)
-
python-glanceclient:
- Remove deprecation warning
Список пакетов
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
python-glanceclient-0.15.0-3.1
python-keystoneclient-1.0.0-19.1
python-keystoneclient-doc-1.0.0-19.1
python-keystonemiddleware-1.2.0-4.1
python-novaclient-2.20.0-6.1
python-novaclient-doc-2.20.0-6.1
python-swiftclient-2.3.1-3.1
python-swiftclient-doc-2.3.1-3.1
Ссылки
- Link for SUSE-SU-2015:1602-1
- E-Mail link for SUSE-SU-2015:1602-1
- SUSE Security Ratings
- SUSE Bug 914910
- SUSE Bug 928205
- SUSE Bug 933758
- SUSE CVE CVE-2015-1852 page
Описание
The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.
Затронутые продукты
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:python-glanceclient-0.15.0-3.1
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:python-keystoneclient-1.0.0-19.1
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:python-keystoneclient-doc-1.0.0-19.1
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:python-keystonemiddleware-1.2.0-4.1
Ссылки
- CVE-2015-1852
- SUSE Bug 928205