CVE-2014-2828 openstack-keystone: denial of service via V3 API authentication chaining

The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and
icehouse before icehouse-rc2 allows remote attackers to cause a denial of
service (CPU consumption) via a large number of the same authentication
method in a request, aka "authentication chaining."

Signed-off-by: Amy Fong <amy.fong@windriver.com>

1 files changed, 2 insertions, 1 deletions

diff --git a/meta-openstack/recipes-devtools/python/python-keystone_git.bb b/meta-openstack/recipes-devtools/python/python-keystone_git.bb
index c0522f8..982a088 100644
--- a/meta-openstack/recipes-devtools/python/python-keystone_git.bb
+++ b/meta-openstack/recipes-devtools/python/python-keystone_git.bb
@@ -4,7 +4,7 @@ SECTION = "devel/python"
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=1dece7821bf3fd70fe1309eaa37d52a2"
 
-PR = "r0"
+PR = "r1"
 SRCNAME = "keystone"
 
 SRC_URI = "git://github.com/openstack/${SRCNAME}.git;branch=stable/havana \
@@ -13,6 +13,7 @@ SRC_URI = "git://github.com/openstack/${SRCNAME}.git;branch=stable/havana \
            file://keystone \
            file://openrc \
            file://Update-test-core-ETCDIR-location.patch \
+           file://CVE-2014-2828-keystone-1300274.patch \
           "
 
 SRCREV="a96d1a44bc0f074729c312e5c2a0f0875edf1765"