USN-2704-1: Swift vulnerabilities
06 August 2015
Several security issues were fixed in Swift.
- swift - OpenStack distributed virtual object store
Rajaneesh Singh discovered Swift does not properly enforce metadata
limits. An attacker could abuse this issue to store more metadata than
allowed by policy. (CVE-2014-7960)
Clay Gerrard discovered Swift allowed users to delete the latest version
of object regardless of object permissions when allow_version is
configured. An attacker could use this issue to delete objects.
The problem can be corrected by updating your system to the following package versions:
After a standard system update you need to restart swift to make
all the necessary changes.