Bug 552676 - <sys-auth/keystone-2014.2.3-r2: Information disclosure (CVE-2015-3646)
Summary: <sys-auth/keystone-2014.2.3-r2: Information disclosure (CVE-2015-3646)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL:
Whiteboard: ~3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-06-20 20:25 UTC by GLSAMaker/CVETool Bot
Modified: 2015-06-20 20:26 UTC

See Also:
Package list:
Runtime testing required: ---


Description GLSAMaker/CVETool Bot gentoo-dev 2015-06-20 20:25:28 UTC
CVE-2015-3646 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3646):
  OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4
  logs the backend_argument configuration option content, which allows remote
  authenticated users to obtain passwords and other sensitive backend
  information by reading the Keystone logs.


*keystone-2014.2.3-r2 (05 May 2015)
	
	  05 May 2015; Matthew Thode <prometheanfire@gentoo.org>
	  +files/CVE-2015-3646-2014.2.3.patch, +keystone-2014.2.3-r2.ebuild,
	  -keystone-2014.2.3-r1.ebuild:
	  fixing a new cve 0day :D
Comment 1 Sean Amoss (RETIRED) gentoo-dev Security 2015-06-20 20:26:10 UTC
Closing noglsa for ~arch only.