CVE-2014-7960
Published: 17 October 2014
OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined.
Notes
Author | Note |
---|---|
jdstrand | per upstream, this is a minor issue |
Priority
Status
Package | Release | Status |
---|---|---|
swift (Launchpad, Ubuntu, Debian) | upstream | Needed |
swift | lucid | Does not exist |
swift | precise | Released (1.4.8-0ubuntu2.5) |
swift | trusty | Does not exist (trusty was released [1.13.1-0ubuntu1.2]) |
swift | utopic | Released (2.2.0-0ubuntu1) |
swift | vivid | Released (2.2.2-0ubuntu1) |

Patches:
- upstream: https://review.openstack.org/#/c/126645/ (icehouse)
- upstream: https://review.openstack.org/gitweb?p=openstack%2Fswift.git;a=commitdiff;h=5b2c27a5874c2b5b0a333e4955b03544f6a8119f
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7960
- https://marc.info/?l=oss-security&m=141275839830221&w=2
- http://lists.openstack.org/pipermail/openstack-announce/2014-October/000291.html
- https://rhn.redhat.com/errata/RHSA-2015-0836.html
- https://ubuntu.com/security/notices/USN-2704-1
- NVD
- Launchpad
- Debian