
Ubuntu alert USN-8008-1 (python-keystonemiddleware)

From:  noreply+usn-bot@canonical.com
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-8008-1] Keystone Middleware vulnerability
Date:  Tue, 03 Feb 2026 17:49:07 +0000
Message-ID:  <E1vnKWR-00036N-Pr@lists.ubuntu.com>

==========================================================================
Ubuntu Security Notice USN-8008-1
February 03, 2026

python-keystonemiddleware vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS

Summary:

Keystone Middleware could allow unintended access to network services.

Software Description:
- python-keystonemiddleware: Middleware for OpenStack Identity (Keystone)

Details:

Grzegorz Grasza discovered that the Keystone Middleware incorrectly
sanitized authentication headers before processing OAuth 2.0 tokens. An
attacker could possibly use this issue to escalate privileges or
impersonate other users.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  python3-keystonemiddleware      10.12.0-0ubuntu1.1

Ubuntu 24.04 LTS
  python3-keystonemiddleware      10.6.0-0ubuntu1.1

After a standard system update you need to restart Keystone to make all
the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8008-1
  CVE-2026-22797

Package Information:
  https://launchpad.net/ubuntu/+source/python-keystonemiddl...
  https://launchpad.net/ubuntu/+source/python-keystonemiddl...


Attachment: signature.asc (type=application/pgp-signature)





Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds