← Back to team overview

openstack team mailing list archive

Re: [oss-security] Re: [Openstack-announce] [OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413)

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/12/2012 11:07 AM, Matt Joyce wrote:
> This is not a repeat of cve-2012-3426?

Quite different:

CVE-2012-3426 OpenStack-Keystone: token expiration issues
https://bugzilla.redhat.com/show_bug.cgi?id=843311

CVE-2012-4413 OpenStack-Keystone: role revocation token issues
https://bugzilla.redhat.com/show_bug.cgi?id=855491

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQUMSyAAoJEBYNRVNeJnmTtXkP/RrHCL0aOigaKrV4X/giNR3q
KbUcbRl2evec6d5mNryQjOT+lAQK96DHApTCvjvVNFZ/ubFKn22A5ld761IAnsbV
QE72PqM6UxriZFFujgW0RXRpjmmtTwcw0tjDb5xZh6PaVg41RJxMzjMNV8DmGLoi
1Gg6YyQabD8RkkYxlCqSw2Msfo2a+Zh3VZRzM1HmZwyY69dwIdW6YfCyH+owfUgL
rAjDpfX5sAc3rpEwfDrstV86UzdwI9bPDa9U2nuOM07/BP7FX+3DCi8R36hZq4ey
caVermEytfVWiiLfARz0KC7O/KhTSmEKaVplLAdxNK716HstCjZTsFf72LchwnHP
AG0gyu1em00wTAuR/oDXjOinwtnk14wKc4pZZa5g7TeCgG9N9KTyrXqEEuDPjdB7
3gTWmhflKSQLzBkrhZ1AdurkFJolFLiYfIvfw4VlZjluYbHOkJkXhxLw6CHNLcOf
QSzD+S5n6Glb16r5eHoBNdUk3bvdlm3B7eaIHWfnsnRFMuFegpnp5sEBqdtgd8nC
KOD3U4KQI6BAtq3HI6YnsK8QuJC5PBLeT1nZmvmdD0S4v/wMQ8hLf7rPfm8xhtmZ
6r6gKoPMgGDss/2dZWpX8upWt5X9IxBUimRc2ItKQZdII6s+iGclVixq7JqqEI30
31C8uRBQ6pO6zCVXrU/q
=RgK0
-----END PGP SIGNATURE-----


References