|
|
Subscribe / Log in / New account

Debian alert DLA-4366-1 (swift)



From:
              Carlos Henrique Lima Melara <charles@debian.org>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 4366-1] swift update


Date:
              Fri, 07 Nov 2025 08:48:20 -0300


Message-ID:
              <oioakgotgcqcirpaxs2ouyjsunveemagdzoozxv26pnncl4tbx@dvesgpx5wqtu>


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4366-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/          Carlos Henrique Lima Melara
November 07, 2025                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : swift
Version        : 2.26.0-10+deb11u2
CVE ID         : 
Debian Bug     : 1120057

Swift, an object storage service, requires an update to work with keystone
2:18.1.0-1+deb11u2 which fixes a vulnerability in ec2tokens and s3tokens APIs.
This version is backward-compatible with older keystone versions, but older
versions of swift package will not work with the updated version of keystone.
Therefore one is advised to first update swift and then proceed with the
keystone update.

For Debian 11 bullseye, this problem has been fixed in version
2.26.0-10+deb11u2.

We recommend that you upgrade your swift packages.

For the detailed security status of swift please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/swift

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEECgzx8d8+AINglLHJt4M9ggJ8mQsFAmkN3IQACgkQt4M9ggJ8
mQshIQ//fKi3q4MBulyaomLXivRIP295yaUUHh+/uSiTRtteHpDa63wDoSGktlG7
0n7PYLXcaMOWTvRgb4+yOoREJey1Gd3PlZ6ko3rQ0d6sCD7+Arggdxf2dsbGQ0Lh
A4hBJghsqBnUOY1BjLV/qpZZWt+A8G+NFxhuQyOFzTB8y2jTI4eaWOlJtl4b9lG/
prR5jjoZocZ2P02J8xi4gTVMdOAGQ0RRvKk/uGiYUsXqDfYpGV6dXchqY9gwYbj6
IUtSCFE+gfOgJLoPdk1Ya1bc2fDf3VS3Q759eL6CFbwzCk13bTGsqPFxJs3Zm6PW
+ucssn5bWFA/ZT9uK4H4zdwAvxKkVIJdAWOLJFUsedvQOyr5MdLz7aCzR4T78Vvh
FgQDnntUIk8kYPItPUQGQ/vCR5nKJs0vDeZABLtKB5XvOJNYzWUg1bzcc8dAuVtM
YV8nHMA5ap6hzVBQGr+VqMYR2ldAIq3AMhEO6ejvSJFORRWPBFqtb51e/Oc8A4wG
/qjopVu+CKGRTpIo2nERWpyc/zC4KTrHV608RDfdZN+tasaoPKKtzez6yRPO+57q
ppv2JeK8DkexcsyPuHxG61LnOwsd/ufyby92LNu1cMO92n4krzAJJ4Pra1XBOBar
3NHorBauehtf5VbI45CM/rAlhIBCkjEnW4XRAwAITQFY+3FfNOg=
=ZAGU
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds