USN-2704-1: Swift vulnerabilities
Ubuntu Security Notice USN-2704-1
5th August, 2015
swift vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Several security issues were fixed in Swift.
Software description
- swift - OpenStack distributed virtual object store
Details
Rajaneesh Singh discovered Swift does not properly enforce metadata
limits. An attacker could abuse this issue to store more metadata than
allowed by policy. (CVE-2014-7960)
Clay Gerrard discovered Swift allowed users to delete the latest version
of object regardless of object permissions when allow_version is
configured. An attacker could use this issue to delete objects.
(CVE-2015-1856)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 15.04:
- swift 2.2.2-0ubuntu1.3
- Ubuntu 14.04 LTS:
- swift 1.13.1-0ubuntu1.2
- Ubuntu 12.04 LTS:
- swift 1.4.8-0ubuntu2.5
To update your system, please follow these instructions: http://ift.tt/17VXqjU.
After a standard system update you need to restart swift to make
all the necessary changes.
References
from Ubuntu Security Notices http://ift.tt/1KS7Sgu