[SECURITY] [DSA 6104-1] python-keystonemiddleware security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-6104-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
January 20, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package        : python-keystonemiddleware
CVE ID         : CVE-2026-22797

Grzegorz Grasza discovered a vulnerability in the OpenStack middleware that
provides authentication and authorization features to web services other
than Keystone: If an external OAuth provider is configured,
authentication headers are insufficiently sanitised, which could result
in privilege escalation or user impersonation.

The oldstable distribution (bookworm) is not affected.

For the stable distribution (trixie), this problem has been fixed in
version 10.9.0-2+deb13u1.

We recommend that you upgrade your python-keystonemiddleware packages.

For the detailed security status of python-keystonemiddleware please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-keystonemiddleware

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org