CVE-2013-4155

Published: 07 August 2013

OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected.

Priority

Medium

Status

Package Release Status
swift
Launchpad, Ubuntu, Debian
Upstream
Released (1.9.1)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(1.9.1-0ubuntu1)
Patches:
Upstream: https://review.openstack.org/#/c/40646/ (folsom)
Upstream: https://review.openstack.org/#/c/40645/ (grizzly)