USN-2704-1: Swift vulnerabilities

06 August 2015

Several security issues were fixed in Swift.

Releases

Packages

  • swift - OpenStack distributed virtual object store

Details

Rajaneesh Singh discovered Swift does not properly enforce metadata
limits. An attacker could abuse this issue to store more metadata than
allowed by policy. (CVE-2014-7960)

Clay Gerrard discovered Swift allowed users to delete the latest version
of object regardless of object permissions when allow_version is
configured. An attacker could use this issue to delete objects.
(CVE-2015-1856)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04
Ubuntu 14.04
Ubuntu 12.04

After a standard system update you need to restart swift to make
all the necessary changes.