UbuntuUpdates.org

Package "swift"

Name: swift

Description:

distributed virtual object store - common files

Latest version: 1.4.8-0ubuntu2.5
Release: precise (12.04)
Level: security
Repository: universe
Homepage: http://launchpad.net/swift

Other versions of "swift" in Precise

Repository  Area      Version
base        main      1.4.8-0ubuntu2
base        universe  1.4.8-0ubuntu2
security    main      1.4.8-0ubuntu2.5
updates     main      1.4.8-0ubuntu2.5
updates     universe  1.4.8-0ubuntu2.5

Changelog

Version: 1.4.8-0ubuntu2.5 2015-08-06 03:06:42 UTC

  swift (1.4.8-0ubuntu2.5) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: metadata constraint bypass via multiple requests
    - debian/patches/CVE-2014-7960.patch: add metadata checks to
      swift/account/server.py, swift/common/constraints.py,
      swift/common/db.py, swift/container/server.py, added tests to
      test/unit/common/test_db.py,
      test/functionalnosetests/test_account.py,
      test/functionalnosetests/test_container.py.
    - CVE-2014-7960

  [ Jamie Strandboge ]
  * debian/patches/CVE-2014-7960.patch:
    - adjust unittests since we use webob.exc and not the newer swob
    - adjust functional tests to properly skip if test environment is not
      specified and to not interfere with other functional tests
  * debian/control: Build-Depends on python-mock

 -- Jamie Strandboge Mon, 27 Jul 2015 10:48:47 -0500

CVE-2014-7960 OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multi

Version: 1.4.8-0ubuntu2.4 2014-05-06 19:06:59 UTC

  swift (1.4.8-0ubuntu2.4) precise-security; urgency=medium

  * SECURITY UPDATE: timing side-channel attack in TempURL
    - debian/patches/CVE-2014-0006.patch: use constant time comparison in
      swift/common/middleware/tempurl.py.
    - CVE-2014-0006
 -- Marc Deslauriers <email address hidden> Fri, 14 Mar 2014 14:22:18 -0400

CVE-2014-0006 The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 ...

Version: 1.4.8-0ubuntu2.3 2013-10-23 20:06:50 UTC

  swift (1.4.8-0ubuntu2.3) precise-security; urgency=low

  * SECURITY UPDATE: Fix handling of DELETE obj reqs with old timestamp
    - debian/patches/CVE-2013-4155.patch: don't create tombstone files when
      a file with a newer timestamp exists
    - CVE-2013-4155
    - LP: #1196932
 -- Jamie Strandboge <email address hidden> Thu, 22 Aug 2013 15:40:33 -0500

1196932 [OSSA 2013-022] Possibly DoS attack using object tombstones (CVE-2013-4155)
CVE-2013-4155 OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows ...

Version: 1.4.8-0ubuntu2.2 2013-06-20 03:07:01 UTC

  swift (1.4.8-0ubuntu2.2) precise-security; urgency=low

  * SECURITY UPDATE: fix unchecked input in XML responses
    - debian/patches/CVE-2013-2161.patch: use saxutils.quoteattr() on account
      name
    - CVE-2013-2161
    - LP: #1183884
  * SECURITY UPDATE: optionally allow using secure json serialization instead
    of pickle.
    - debian/patches/CVE-2012-4406.patch: add memcache_serialization_support
      option and update man pages
    - debian/patches/memcache_serialization_support-default-to-zero.patch:
      default to insecure pickle configuration for people upgrading.
      Interested users can adjust this as desired
    - CVE-2012-4406
    - LP: #1006414
 -- Jamie Strandboge <email address hidden> Mon, 17 Jun 2013 14:56:56 -0500

1183884 [OSSA 2013-016] Unescaped content embedded in XML (CVE-2013-2161)
1006414 Insecure loads()
CVE-2013-2161 Unchecked user input in Swift XML responses
CVE-2012-4406 OpenStack Object Storage (swift) before 1.7.0 uses the loads function ...


