CVE-2014-0006
Published: 22 January 2014
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
swift Launchpad, Ubuntu, Debian |
Upstream |
Released
(1.11.0-2)
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [1.13.0-0ubuntu1])
|
|
|
Patches: Upstream: https://git.openstack.org/cgit/openstack/swift/commit/?id=754633988931e4095530f6b13389c254096eb485 Upstream: https://git.openstack.org/cgit/openstack/swift/commit/?id=b2c61375b3255486adb2900922a894dc7dad3c6d (havana) Upstream: https://git.openstack.org/cgit/openstack/swift/commit/?id=c0eed792a22865b280f99cbb79076fa7ad19fcbb (grizzly) |
||
Notes
| Author | Note |
|---|---|
| mdeslaur | OSSA 2014-002 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0006
- http://lists.openstack.org/pipermail/openstack-announce/2014-January/000185.html
- https://usn.ubuntu.com/usn/usn-2207-1
- NVD
- Launchpad
- Debian