A vulnerability was discovered in the ec2tokens and s3tokens APIs of Keystone, the OpenStack identity service, which may result in authorisation bypass or privilege escalation if /v3/ec2tokens or /v3/s3tokens are reachable by unauthenticated clients.
The Swift object storage service also requires an update to work with the updated Keystone: The update to Swift is provided as 2.30.1-0+deb12u1 for bookworm and 2.35.1-0+deb13u1 for trixie and is backwards-compatible with older Keystone versions. As such, it is recommended to first upgrade Swift before deploying the Keystone update.
https://security-tracker.debian.org/tracker/DSA-6056-1

