[ubuntu/jammy-updates] keystone 2:21.0.1-0ubuntu2.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Thu Dec 11 18:29:50 UTC 2025
keystone (2:21.0.1-0ubuntu2.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Unauthenticated access to EC2/S3 token endpoints can
    grant Keystone authorization (LP: 2119646)
    - d/p/lp2119646.patch: Add a policy to enforce authentication with a
      user in the service group.
    - d/p/Consistent-and-Secure-RBAC-Phase-1.patch: Update system-scoped
      policies to also accept project-admin tokens.
    - d/p/Fix-policies-for-groups.patch: Fix policies for groups.
    - d/p/Allow-admin-to-access-tokens-and-credentials.patch: Allow users
      with the "admin" role to access /v3/auth/tokens and /v3/credentials.
    - d/p/Dont-enforce-when-HTTP-GET-on-s3tokens-and-ec2tokens.patch:
      Don't enforce when HTTP GET on s3tokens and ec2tokens.
    - CVE-2025-65073

Date: 2025-12-09 14:48:11.173543+00:00
Changed-By: Felipe Reyes <felipe.reyes at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/keystone/2:21.0.1-0ubuntu2.1