Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 552676

Summary: <sys-auth/keystone-2014.2.3-r2: Information disclosure (CVE-2015-3646)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: openstack, prometheanfire
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2015-06-20 20:25:28 UTC 
CVE-2015-3646 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3646):
  OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4
  logs the backend_argument configuration option content, which allows remote
  authenticated users to obtain passwords and other sensitive backend
  information by reading the Keystone logs.


*keystone-2014.2.3-r2 (05 May 2015)
	
	  05 May 2015; Matthew Thode <prometheanfire@gentoo.org>
	  +files/CVE-2015-3646-2014.2.3.patch, +keystone-2014.2.3-r2.ebuild,
	  -keystone-2014.2.3-r1.ebuild:
	  fixing a new cve 0day :D
Comment 1 Sean Amoss (RETIRED) gentoo-dev Security 2015-06-20 20:26:10 UTC 
Closing noglsa for ~arch only.