SUSE OpenStack Cloud 6: 2016:1957-2 Critical OpenStack-Nova Flaws
suse
October 30, 2015
An update that fixes three vulnerabilities is now available
Summary
openstack-swift was updated to fix three security issues. These security issues were fixed: - CVE-2015-1856: OpenStack Object Storage (Swift), when allow_version is configured, allowed remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container (bsc#927793). - CVE-2014-7960: OpenStack Object Storage (Swift) allowed remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined (bsc#900253). - CVE-2015-5223: Information leak via Swift tempurls (bsc#942641). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5:
References
#900253 #927793 #942641
Cross- CVE-2014-7960 CVE-2015-1856 CVE-2015-5223
Affected Products:
SUSE OpenStack Cloud 5
https://www.suse.com/security/cve/CVE-2014-7960.html
https://www.suse.com/security/cve/CVE-2015-1856.html
https://www.suse.com/security/cve/CVE-2015-5223.html
https://bugzilla.suse.com/900253
https://bugzilla.suse.com/927793
https://bugzilla.suse.com/942641
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2015:1846-1
Rating: important
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!