OpenStack Keystone Vulnerabilities Plugged for Ubuntu 12.10 and Ubuntu 12.04 LTS

On November 28, Canonical published details about OpenStack Keystone vulnerabilities for its Ubuntu 12.10 and Ubuntu 12.04 LTS operating systems.

According to Canonical, OpenStack Keystone could have allowed unintended access to files over the network.

It was discovered that Keystone did not properly invalidate EC2-style credentials such that if credentials were removed from a tenant, an authenticated and authorized user using those credentials would have been allowed access, beyond the account owner's expectations.

Also, OpenStack Keystone did not properly implement token expiration. A remote attacker could have used this issue to continue to access an account that was disabled or had a changed password.

For a more detailed description of the security problems, you can visit Canonical's security notification.

Users can simply fix the security flaws by upgrading the operating systems to the latest lpython-keystone package, specific to each distribution.

A normal system update, executed with the Update Manager, will implement all the necessary changes. A complete system restart is not necessary.