Keystone could be made to crash or expose sensitive information over the network.
Nathanael Burton discovered that Keystone did not properly verify disabled users. An authenticated but disabled user would continue to have access rights that were removed. (CVE-2013-0282)
20 February 2013
A security issue affects these releases of Ubuntu and its derivatives:
Keystone could be made to crash or expose sensitive information over the network.
Nathanael Burton discovered that Keystone did not properly verify disabled users. An authenticated but disabled user would continue to have access rights that were removed. (CVE-2013-0282)
Jonathan Murray discovered that Keystone would allow XML entity processing. A remote unauthenticated attacker could exploit this to cause a denial of service via resource exhaustion. Authenticated users could also use this to view arbitrary files on the Keystone server. (CVE-2013-1664, CVE-2013-1665)
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
Vulmon