Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 26 Jan 2017 20:26:02 +0000
From: Jeremy Stanley <>
Subject: [OSSA-2017-001] CatchErrors leaks sensitive values in
 oslo.middleware (CVE-2017-2592)

OSSA-2017-001: CatchErrors leaks sensitive values in oslo.middleware

:Date: January 26, 2017
:CVE: CVE-2017-2592

- Oslo.middleware: <=3.8.0, >=3.9.0 <=3.19.0, >=3.20.0 <=3.23.0

Divya K Konoor with IBM reported a vulnerability in oslo.middleware.
Software using the CatchError class may include sensitive values in
the error message accompanying a Traceback, resulting in their
disclosure. For example, complete API requests (including keystone
tokens in their headers) may leak into neutron error logs.

- (Mitaka)
- (Newton)
- (Ocata)

- Divya K Konoor from IBM (CVE-2017-2592)


Jeremy Stanley
OpenStack Vulnerability Management Team

Download attachment "signature.asc" of type "application/pgp-signature" (950 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.