Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Ubuntu: 2207-1 Moderate Timing Attack: OpenStack Swift File Access

Calendar May 06, 2014 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory timing attack file access ubuntu openstack swift
OpenStack Swift would allow unintended access to files over the network. 

=========================================================================Ubuntu Security Notice USN-2207-1
May 06, 2014

swift vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

OpenStack Swift would allow unintended access to files over the network.

Software Description:
- swift: OpenStack distributed virtual object store

Details:

Samuel Merritt discovered a timing attack vulnerability in OpenStack Swift.
If Swift was configured to use the TempURL middleware, an attacker could
exploit this to guess valid secret URLs and obtain unintended access to
objects publicly shared with specific recipients.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
  python-swift                    1.10.0-0ubuntu1.1

Ubuntu 12.10:
  python-swift                    1.7.4-0ubuntu2.4

Ubuntu 12.04 LTS:
  python-swift                    1.4.8-0ubuntu2.4

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2207-1
  CVE-2014-0006

Package Information:
  https://launchpad.net/ubuntu/+source/swift/1.10.0-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/swift/1.7.4-0ubuntu2.4
  https://launchpad.net/ubuntu/+source/swift/1.4.8-0ubuntu2.4

Ubuntu: 2207-1 Moderate Timing Attack: OpenStack Swift File Access

ubuntu
Calendar Grey May 6, 2014
Dist Ubuntu Esm H88
OpenStack Swift flaw exposes unauthorized file access. Upgrade Ubuntu to address crucial security threat.
OpenStack Swift would allow unintended access to files over the network.

Summary

Topics%20covered

Topics Covered

security advisory timing attack file access ubuntu openstack swift

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: python-swift 1.10.0-0ubuntu1.1 Ubuntu 12.10: python-swift 1.7.4-0ubuntu2.4 Ubuntu 12.04 LTS: python-swift 1.4.8-0ubuntu2.4 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2207-1

CVE-2014-0006

Severity
important
Lowest
Low
Medium
High
Critical

=========================================================================Ubuntu Security Notice USN-2207-1

Topics%20covered

Topics Covered

security advisory timing attack file access ubuntu openstack swift

Package Information

https://launchpad.net/ubuntu/+source/swift/1.10.0-0ubuntu1.1 https://launchpad.net/ubuntu/+source/swift/1.7.4-0ubuntu2.4 https://launchpad.net/ubuntu/+source/swift/1.4.8-0ubuntu2.4

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here