CVE-2014-0006

Priority
Medium
Description
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through
1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain
secret URLs by leveraging an object name and a timing side-channel attack.
References
Bugs
Notes
mdeslaur> OSSA 2014-002
Assigned-to
mdeslaur
Package
Source: swift (LP Ubuntu Debian)
Upstream:released (1.11.0-2)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):released (1.4.8-0ubuntu2.4)
Ubuntu 12.10 (Quantal Quetzal):released (1.7.4-0ubuntu2.4)
Ubuntu 13.10 (Saucy Salamander):released (1.10.0-0ubuntu1.1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1.13.0-0ubuntu1)
Ubuntu 14.10 (Utopic Unicorn):not-affected (1.13.0-0ubuntu1)
Patches:
Upstream:https://git.openstack.org/cgit/openstack/swift/commit/?id=754633988931e4095530f6b13389c254096eb485
Upstream:https://git.openstack.org/cgit/openstack/swift/commit/?id=b2c61375b3255486adb2900922a894dc7dad3c6d (havana)
Upstream:https://git.openstack.org/cgit/openstack/swift/commit/?id=c0eed792a22865b280f99cbb79076fa7ad19fcbb (grizzly)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-05-06 21:14:32 UTC (commit 8032)