Oracle Solaris Third-Party Patch Update : keystone (cve_2014_7144_cryptographic_issues)
Medium Nessus Plugin ID 80660
Synopsis
The remote Solaris system is missing a security patch for third-party software.
Description
The remote Solaris system is missing necessary patches to address security updates :
- OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the 'insecure' option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate. (CVE-2014-7144)
Solution
Upgrade to Solaris 188.8.131.52.0.
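A configuration check for the flaw described above, written as an added example and not taken from keystonemiddleware or the Nessus plugin: it reports every section of a paste.ini file that sets 'insecure', what the administrator intended, and whether a value-blind reading would disable verification. It assumes the value-blind reading is a plain truthiness test on the raw string, which is one way an option can take effect "regardless of the value"; the function names and the sample file are constructed for illustration.

```python
import configparser

TRUE_WORDS = {"1", "true", "yes", "on"}
FALSE_WORDS = {"0", "false", "no", "off"}

def naive_insecure(raw):
    """Flawed pattern (assumed): any non-empty string, even 'false', is truthy."""
    return bool(raw)

def strict_insecure(raw):
    """Hardened pattern: parse the text as a boolean, reject anything else."""
    word = raw.strip().lower()
    if word in TRUE_WORDS:
        return True
    if word in FALSE_WORDS:
        return False
    raise ValueError(f"not a boolean: {raw!r}")

def audit_paste_ini(text):
    """Return one finding per section that sets the 'insecure' option."""
    parser = configparser.RawConfigParser()  # no '%' interpolation surprises
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        if not parser.has_option(section, "insecure"):
            continue
        raw = parser.get(section, "insecure")
        try:
            intended = strict_insecure(raw)
        except ValueError:
            intended = None  # unparseable value: needs manual review
        findings.append({
            "section": section,
            "raw": raw,
            "intended": intended,
            "naive_disables_verification": naive_insecure(raw),
        })
    return findings

# Constructed sample paste.ini; 'filter:other' is a made-up section.
SAMPLE = """\
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
insecure = false

[filter:other]
insecure = true
"""
```

On an unpatched host, any finding where `intended` is not `True` but `naive_disables_verification` is `True` marks a service that believes it is verifying certificates when it is not; removing the 'insecure' line is the safe interim setting until the upgrade is applied.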