USN-2704-1: Swift vulnerabilities

6 August 2015

swift vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in Swift.

Software Description

  • swift - OpenStack distributed virtual object store

Details

Rajaneesh Singh discovered Swift does not properly enforce metadata limits. An attacker could abuse this issue to store more metadata than allowed by policy. (CVE-2014-7960)

Clay Gerrard discovered Swift allowed users to delete the latest version of object regardless of object permissions when allow_version is configured. An attacker could use this issue to delete objects. (CVE-2015-1856)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04
swift - 2.2.2-0ubuntu1.3
Ubuntu 14.04 LTS
swift - 1.13.1-0ubuntu1.2
Ubuntu 12.04 LTS
swift - 1.4.8-0ubuntu2.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart swift to make all the necessary changes.

References