Explore top 10 tips to secure your open-source projects now. Read More
×
Before applying this update, ensure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
OpenStack Object Storage (swift) provides object storage in virtual
containers, which allows users to store and retrieve files (arbitrary
data). The service's distributed architecture supports horizontal scaling;
redundancy as failure-proofing is provided through software-based data
replication. Because Object Storage supports asynchronous eventual
consistency replication, it is well suited to multiple data-center
deployment.
A flaw was found in OpenStack Object Storage that could allow an
authenticated user to delete the most recent version of a versioned object
regardless of ownership. To exploit this flaw, an attacker must know the
name of the object and have listing access to the x-versions-location
container. (CVE-2015-1856)
Red Hat would like to thank the OpenStack project for reporting this issue.
Upstream acknowledges Clay Gerrard of SwiftStack as the original reporter.
All users of openstack-swift are advised to upgrade to these updated
packages, which correct this issue. After installing this update, the
OpenStack Object Storage services will be restarted automatically.
https://access.redhat.com/security/cve/CVE-2015-1856 https://access.redhat.com/security/updates/classification/#moderate
Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:
Source:
openstack-swift-1.13.1-6.el6ost.src.rpm
noarch:
openstack-swift-1.13.1-6.el6ost.noarch.rpm
openstack-swift-account-1.13.1-6.el6ost.noarch.rpm
openstack-swift-container-1.13.1-6.el6ost.noarch.rpm
openstack-swift-doc-1.13.1-6.el6ost.noarch.rpm
openstack-swift-object-1.13.1-6.el6ost.noarch.rpm
openstack-swift-proxy-1.13.1-6.el6ost.noarch.rpm
Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:
Source:
openstack-swift-1.13.1-5.el7ost.src.rpm
noarch:
openstack-swift-1.13.1-5.el7ost.noarch.rpm
openstack-swift-account-1.13.1-5.el7ost.noarch.rpm
openstack-swift-container-1.13.1-5.el7ost.noarch.rpm
openstack-swift-doc-1.13.1-5.el7ost.noarch.rpm
openstack-swift-object-1.13.1-5.el7ost.noarch.rpm
openstack-swift-proxy-1.13.1-5.el7ost.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Updated openstack-swift packages that fix one security issue are nowavailable for Red Hat Enterprise Linux OpenStack Platform 5.0.Red Hat Product Security has rated this update as having Moderate securityimpact. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available from the CVE link in theReferences section.
Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch
Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch
1209994 - CVE-2015-1856 OpenStack Swift: unauthorized deletion of versioned Swift object
Get the latest Linux and open source security news straight to your inbox.