CVE-2016-0737

Priority
Medium
Description
OpenStack Object Storage (Swift) before 2.4.0 does not properly close
client connections, which allows remote attackers to cause a denial of
service (proxy-server resource consumption) via a series of interrupted
requests to a Large Object URL.
References
Bugs
Assigned-to
mdeslaur
Package
Source: swift (LP Ubuntu Debian)
Upstream:released (2.4.0)
Ubuntu 17.10 (Artful Aardvark):not-affected (2.7.0-0ubuntu2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.13.1-0ubuntu1.5)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2.7.0-0ubuntu2)
Ubuntu 17.04 (Zesty Zapus):not-affected (2.7.0-0ubuntu2)
Patches:
Upstream:https://review.openstack.org/gitweb?p=openstack/swift.git;h=036c2f348d24c01c7a4deba3e44889c45270b46d
More Information

Updated: 2017-10-11 14:14:42 UTC (commit 13496)