CVE-2014-7960

Published: 17 October 2014

OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined.

Priority

Low

Status

Package Release Status
swift
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1.13.1-0ubuntu1.2])
Patches:
Upstream: https://review.openstack.org/#/c/126645/ (icehouse)
Upstream: https://review.openstack.org/gitweb?p=openstack%2Fswift.git;a=commitdiff;h=5b2c27a5874c2b5b0a333e4955b03544f6a8119f