CVE-2014-0006
Published: 22 January 2014
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.
Priority
Status
Package | Release | Status |
---|---|---|
swift Launchpad, Ubuntu, Debian |
Upstream |
Released
(1.11.0-2)
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [1.13.0-0ubuntu1])
|
|
Patches: Upstream: https://git.openstack.org/cgit/openstack/swift/commit/?id=754633988931e4095530f6b13389c254096eb485 Upstream: https://git.openstack.org/cgit/openstack/swift/commit/?id=b2c61375b3255486adb2900922a894dc7dad3c6d (havana) Upstream: https://git.openstack.org/cgit/openstack/swift/commit/?id=c0eed792a22865b280f99cbb79076fa7ad19fcbb (grizzly) |
Notes
Author | Note |
---|---|
mdeslaur | OSSA 2014-002 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0006
- http://lists.openstack.org/pipermail/openstack-announce/2014-January/000185.html
- https://usn.ubuntu.com/usn/usn-2207-1
- NVD
- Launchpad
- Debian