CVE-2013-2013

Published: 1 October 2013

The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process.

Notes

Author	Note
jdstrand	hardening feature

Priority

Status

Package	Release	Status
python-keystoneclient Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	oneiric	Does not exist
	precise	Ignored
	quantal	Ignored
	raring	Ignored
	upstream	Released (0.2.4)
	Patches: upstream: http://github.com/openstack/python-keystoneclient/commit/f2e0818bc97bfbeba83f6abbb07909a8debcad77

References

https://bugs.launchpad.net/python-keystoneclient/+bug/938315
https://www.cve.org/CVERecord?id=CVE-2013-2013
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›