LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for October 3, 2013

Integrity and embedded devices

NUMA scheduling progress

LWN.net Weekly Edition for September 26, 2013

A perf ABI fix

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2013-14477 (openstack-swift)



From:
    	      updates@fedoraproject.org 


To:
    	      package-announce@lists.fedoraproject.org 


Subject:
    	      [SECURITY] Fedora 19 Update: openstack-swift-1.8.0-3.fc19 


Date:
    	      Sun, 18 Aug 2013 21:36:36 +0000


Message-ID:
    	      <20130818213636.80A4D21099@bastion01.phx2.fedoraproject.org>


Archive-link:
    	      Article, Thread
              


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-14477
2013-08-09 14:58:03
--------------------------------------------------------------------------------

Name        : openstack-swift
Product     : Fedora 19
Version     : 1.8.0
Release     : 3.fc19
URL         : http://launchpad.net/swift
Summary     : OpenStack Object Storage (Swift)
Description :
OpenStack Object Storage (Swift) aggregates commodity servers to work together
in clusters for reliable, redundant, and large-scale storage of static objects.
Objects are written to multiple hardware devices in the data center, with the
OpenStack software responsible for ensuring data replication and integrity
across the cluster. Storage clusters can scale horizontally by adding new nodes,
which are automatically configured. Should a node fail, OpenStack works to
replicate its content from other active nodes. Because OpenStack uses software
logic to ensure data replication and distribution across different devices,
inexpensive commodity hard drives and servers can be used in lieu of more
expensive equipment.

--------------------------------------------------------------------------------
Update Information:

This update fixes the possibility to fill up a Swift fluster with invalid tombstone files by
attacking with DELETE requests with a special timestamp.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug  7 2013 Pete Zaitcev <zaitcev@redhat.com> 1.8.0-3
- CVE-2013-4155 "Fix handling of DELETE obj reqs with old timestamp"
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #991626 - CVE-2013-4155 OpenStack: Swift Denial of Service using superfluous object
tombstones
        https://bugzilla.redhat.com/show_bug.cgi?id=991626
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update openstack-swift' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds