CVE-2014-0006
Published: 22 January 2014
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.
Notes
Author | Note |
---|---|
mdeslaur | OSSA 2014-002 |
Priority
Status
Package | Release | Status |
---|---|---|
swift Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Released
(1.4.8-0ubuntu2.4)
|
|
quantal |
Released
(1.7.4-0ubuntu2.4)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Released
(1.10.0-0ubuntu1.1)
|
|
trusty |
Does not exist
(trusty was not-affected [1.13.0-0ubuntu1])
|
|
upstream |
Released
(1.11.0-2)
|
|
Patches: upstream: https://git.openstack.org/cgit/openstack/swift/commit/?id=754633988931e4095530f6b13389c254096eb485 upstream: https://git.openstack.org/cgit/openstack/swift/commit/?id=b2c61375b3255486adb2900922a894dc7dad3c6d upstream: https://git.openstack.org/cgit/openstack/swift/commit/?id=c0eed792a22865b280f99cbb79076fa7ad19fcbb |