A couple of other Ubuntu distributions have been affected by this problem

Nov 27, 2013 00:51 GMT

In a security notice, Canonical published details about an OpenStack Keystone vulnerability in its Ubuntu 13.10 (Saucy Salamander), Ubuntu 13.04 (Raring Ringtail), and Ubuntu 12.10 (Quantal Quetzal) operating systems.

According to the company, Keystone would improperly remove roles when it was configured to use the LDAP backend.

A logic error has been discovered in the LDAP backend in Keystone. A problem occurred when removing a role on a tenant, for a user who didn't have that role. The LDAP backend would then add that role to the user.

An authenticated user could have exploited this flaw to gain privileges. Ubuntu is not configured to use the LDAP Keystone backend by default.
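The logic error described above, as an added example (not Keystone's code and not taken from Canonical's notice): a simplified in-memory model of role membership, with a flawed removal routine beside a corrected one and a regression check that removal never grows a user's role set. The class and function names, the sample data, and the placement of the flaw in the "nothing to remove" path are assumptions made for illustration.

```python
# Simplified model (hypothetical names, constructed data): one entry per
# (tenant, role), holding the set of user IDs that are members of it.

class RoleNotFound(Exception):
    """Raised when the user does not hold the role on the tenant."""


class RoleDirectory:
    def __init__(self):
        self.entries = {}  # (tenant, role) -> set of member user IDs

    def add_role(self, user, tenant, role):
        self.entries.setdefault((tenant, role), set()).add(user)

    def roles_for(self, user, tenant):
        return {r for (t, r), members in self.entries.items()
                if t == tenant and user in members}

    def remove_role_flawed(self, user, tenant, role):
        """Assumed shape of the flaw: the failure path writes a membership."""
        members = self.entries.get((tenant, role))
        if members is not None and user in members:
            members.discard(user)
        else:
            # Logic error: "nothing to remove" ends up granting the role.
            self.entries.setdefault((tenant, role), set()).add(user)

    def remove_role_fixed(self, user, tenant, role):
        """Removal may only shrink the user's role set, never grow it."""
        members = self.entries.get((tenant, role))
        if members is None or user not in members:
            raise RoleNotFound(f"{user} does not have {role} on {tenant}")
        members.discard(user)
        if not members:
            del self.entries[(tenant, role)]


def removal_is_safe(remove_name):
    """Regression check: removing a role the user never held must leave
    the user's roles on that tenant unchanged."""
    d = RoleDirectory()
    d.add_role("alice", "tenant-a", "member")  # constructed sample data
    before = d.roles_for("alice", "tenant-a")
    try:
        getattr(d, remove_name)("alice", "tenant-a", "admin")
    except RoleNotFound:
        pass
    return d.roles_for("alice", "tenant-a") == before
```

The same invariant, that a remove operation can never add a role, is a useful unit test for any identity backend that stores assignments as directory memberships.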

For a more detailed description of the security problems, you can see Canonical's security notification.

The security flaws can be fixed if you upgrade your system(s) to the latest python-keystone package specific to each distribution. To apply the update, run the Update Manager application.

In general, a standard system update will make all the necessary changes, but this time a system restart will be necessary to implement them.