- Issued:
- 2015-04-16
- Updated:
- 2015-04-16
RHBA-2015:0823 - Bug Fix Advisory
Synopsis
openstack-keystone bug fix advisory
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated OpenStack Identity packages that resolve various issues are now
available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse)
for RHEL 7.
Description
Red Hat Enterprise Linux OpenStack Platform provides the facilities for
building a private or public infrastructure-as-a-service (IaaS) cloud
running on commonly available physical hardware. This advisory includes
packages for:
- OpenStack Identity service
The OpenStack Identity service (keystone) authenticates and authorizes
OpenStack users by keeping track of users and their permitted activities.
The Identity service supports multiple forms of authentication including
user name and password credentials, token-based systems, and AWS-style
logins.
This update addresses the following issues:
- Rebase package(s) to version: 2014.1.4
Highlights, important fixes, or notable enhancements:
When a domain was disabled in keystone, the projects within that domain were
still enabled. This allowed a user from a different domain to obtain tokens from
a project in a disabled domain. Keystone has been fixed to no longer allow
tokens to be issue for projects within a disabled domain. (Launchpad #1315556)
A race condition in keystone existed where two user add operations occurring at
the same time would conflict if the default role was not created yet. This would
cause the user add operations to fail. This has been fixed to allow both user
add operations to complete successfully. (Launchpad #1419043)
When running keystone in eventlet (keystone-all), an error in the way that the
logging is initialized could have led to a race condition under heavy load. This
race condition could have resulted in potential deadlocks. The initialization of
the logging has been corrected to avoid this deadlock potential. (Launchpad
#1420788) (BZ#1203266)
Solution
Before applying this update, ensure all previously released errata relevant to
your system have been applied.
Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7 runs on Re Hat
Enterprise Linux 7.1.
The Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7 Release Notes (see
References section) contain the following:
- An explanation of the way in which the provided components interact to form a
working cloud computing environment.
- Technology Previews, Recommended Practices, and Known Issues.
- The channels required for Red Hat Enterprise Linux OpenStack Platform 5 for
RHEL 7, including which channels need to be enabled and disabled.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
- Red Hat OpenStack 5.0 for RHEL 7 x86_64
Fixes
- BZ - 1203266 - Rebase openstack-keystone to 2014.1.4
CVEs
(none)
Red Hat OpenStack 5.0 for RHEL 7
SRPM | |
---|---|
x86_64 | |
openstack-keystone-2014.1.4-1.el7ost.noarch.rpm | SHA-256: 21c2456aae528d285c452befb9eb879bebe0981044f8f96fbf98a8755ff6b35c |
openstack-keystone-doc-2014.1.4-1.el7ost.noarch.rpm | SHA-256: eeeada162a3b09487dba88bda170b2dfbeff0e1b9e4319a17ce83455d279433e |
python-keystone-2014.1.4-1.el7ost.noarch.rpm | SHA-256: 0181a9094a022fd9f4a027531664922baee23edf9299466074e43c65eb52a14f |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.