CVE-2014-0006

Priority
Medium
Description
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through
1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain
secret URLs by leveraging an object name and a timing side-channel attack.
References
Bugs
Notes
 mdeslaur> OSSA 2014-002
Assigned-to
mdeslaur
Package
Source: swift (LP Ubuntu Debian)
Upstream:released (1.11.0-2)
Ubuntu 12.04 LTS (Precise Pangolin):released (1.4.8-0ubuntu2.4)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1.13.0-0ubuntu1)
Patches:
Upstream:https://git.openstack.org/cgit/openstack/swift/commit/?id=754633988931e4095530f6b13389c254096eb485
Upstream:https://git.openstack.org/cgit/openstack/swift/commit/?id=b2c61375b3255486adb2900922a894dc7dad3c6d (havana)
Upstream:https://git.openstack.org/cgit/openstack/swift/commit/?id=c0eed792a22865b280f99cbb79076fa7ad19fcbb (grizzly)
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:42:12 UTC (commit 9756)