CVE-2015-5223

Priority
Medium
Description
OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain
sensitive information via a PUT tempurl and a DLO object manifest that
references an object in another container.
Notes
 jdstrand> Per upstream, fix for 1449212 will not be applied to kilo and
  earlier
Assigned-to
mdeslaur
Package
Source: swift (LP Ubuntu Debian)
Upstream: needed
Ubuntu 17.10 (Artful Aardvark): not-affected (2.5.0-0ubuntu1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was pending)
Ubuntu 14.04 LTS (Trusty Tahr): released (1.13.1-0ubuntu1.5)
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (2.5.0-0ubuntu1)
Ubuntu 17.04 (Zesty Zapus): not-affected (2.5.0-0ubuntu1)
Patches:
Upstream: https://review.openstack.org/217253 (Juno)
Upstream: https://review.openstack.org/217254 (Kilo, 1453948)
Upstream: https://review.openstack.org/217255 (Kilo, 1449212)
Upstream: https://review.openstack.org/217259 (Liberty, 1453948)
Upstream: https://review.openstack.org/217260 (Liberty, 1449212)

Updated: 2017-10-11 14:14:41 UTC (commit 13496)