update for openstack-keystone
This update of openstack-keystone fixes two security vulnerabilities.
- Add CVE-2013-2104.patch: fix missing expiration check in Keystone
PKI token validation (CVE-2013-2104, bnc#821201)
- Add CVE-2013-2157.patch: fix authentication bypass when using
LDAP backend (CVE-2013-2157, bnc#823783)
-
Submitted by
Vincent Untz (vuntz)
Fixed bugs
bnc#821201
VUL-1: CVE-2013-2104: openstack-keystone: Missing expiration check in Keystone PKI token validation
bnc#823783
VUL-0: openstack-keystone: CVE-2013-2157: vulnerable Keystone LDAP backend authentication
