CVE-2016-0738

Priority
Low
Description
OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x
before 2.5.1 (Liberty) do not properly close server connections, which
allows remote attackers to cause a denial of service (proxy-server resource
consumption) via a series of interrupted requests to a Large Object URL.
References
Bugs
Assigned-to
mdeslaur
Package
Source: swift (LP Ubuntu Debian)
Upstream:released (2.5.1)
Ubuntu 17.10 (Artful Aardvark):not-affected (2.7.0-0ubuntu2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.13.1-0ubuntu1.5)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2.7.0-0ubuntu2)
Ubuntu 17.04 (Zesty Zapus):not-affected (2.7.0-0ubuntu2)
Patches:
Upstream:https://review.openstack.org/#/c/270234/
More Information

Updated: 2017-10-11 14:14:42 UTC (commit 13496)