USN-2704-1: Swift vulnerabilities

06 August 2015

Several security issues were fixed in Swift.



  • swift - OpenStack distributed virtual object store


Rajaneesh Singh discovered Swift does not properly enforce metadata
limits. An attacker could abuse this issue to store more metadata than
allowed by policy. (CVE-2014-7960)

Clay Gerrard discovered Swift allowed users to delete the latest version
of object regardless of object permissions when allow_version is
configured. An attacker could use this issue to delete objects.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04
Ubuntu 14.04
Ubuntu 12.04

After a standard system update you need to restart swift to make
all the necessary changes.