CVE-2015-5223

Published: 26 October 2015

OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.

Priority

Medium

Status

Package: swift (Launchpad, Ubuntu, Debian)
Release status:
Upstream: Needed
Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (2.5.0-0ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was released [1.13.1-0ubuntu1.5])

Patches:
Upstream: https://review.openstack.org/217253 (Juno)
Upstream: https://review.openstack.org/217254 (Kilo, 1453948)
Upstream: https://review.openstack.org/217255 (Kilo, 1449212)
Upstream: https://review.openstack.org/217259 (Liberty, 1453948)
Upstream: https://review.openstack.org/217260 (Liberty, 1449212)