[PKG-Openstack-devel] Bug#751454: keystone: CVE-2014-3476: privilege escalation through trust chained delegation

Salvatore Bonaccorso carnil at debian.org
Fri Jun 13 04:44:44 UTC 2014


Source: keystone
Severity: grave
Tags: security upstream patch
Justification: user security hole

Hi Thomas,

As you might know, the following vulnerability was published for
keystone.

CVE-2014-3476[0]:
privilege escalation through trust chained delegation

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-3476
[1] http://lists.openstack.org/pipermail/openstack-announce/2014-June/000240.html

Please adjust the affected versions in the BTS as needed. From the
advisory at least all versions up to 2013.2.3, and 2014.1 to 2014.1.1
are affected.

Regards and thanks for your work,
Salvatore
