Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 564
Alerts This Week
Warning Icon 1 564

Ubuntu 15.04 Swift: USN-2704-1 Moderate: Metadata Issue and Deletion Threat

ubuntu
Calendar Grey August 6, 2015
Scroller Ubuntu
Multiple vulnerabilities addressed in Swift applications affect Ubuntu versions 12.04, 14.04, and 15.04, necessitating urgent patches.
Several security issues were fixed in Swift.

Summary

Several security issues were fixed in Swift.

Software Description:

- swift: OpenStack distributed virtual object store

Details:

Rajaneesh Singh discovered Swift does not properly enforce metadata

limits. An attacker could abuse this issue to store more metadata than

allowed by policy. (CVE-2014-7960)

Clay Gerrard discovered Swift allowed users to delete the latest version

of object regardless of object permissions when allow_version is

configured. An attacker could use this issue to delete objects.

(CVE-2015-1856)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  swift                           2.2.2-0ubuntu1.3

Ubuntu 14.04 LTS:
  swift                           1.13.1-0ubuntu1.2

Ubuntu 12.04 LTS:
  swift                           1.4.8-0ubuntu2.5

After a standard system update you need to restart swift to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2704-1

CVE-2014-7960, CVE-2015-1856

August 06, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.