4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
59.1%
OpenStack Object Storage (swift) provides object storage in virtual
containers, which allows users to store and retrieve files (arbitrary
data). The service’s distributed architecture supports horizontal scaling;
redundancy as failure-proofing is provided through software-based data
replication. Because Object Storage supports asynchronous eventual
consistency replication, it is well suited to multiple data-center
deployment.
A flaw was found in the metadata constraints in OpenStack Object Storage
(swift). By adding metadata in several separate calls, a malicious user
could bypass the max_meta_count constraint, and store more metadata than
allowed by the configuration. (CVE-2014-7960)
All users of openstack-swift are advised to upgrade to these updated
packages, which correct this issue. After installing this update, the
OpenStack Object Storage services will be restarted automatically.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | noarch | openstack-swift-account | < 1.13.1-4.el7ost | openstack-swift-account-1.13.1-4.el7ost.noarch.rpm |
RedHat | 7 | noarch | openstack-swift-object | < 1.13.1-4.el7ost | openstack-swift-object-1.13.1-4.el7ost.noarch.rpm |
RedHat | 7 | noarch | openstack-swift | < 1.13.1-4.el7ost | openstack-swift-1.13.1-4.el7ost.noarch.rpm |
RedHat | 7 | noarch | openstack-swift-doc | < 1.13.1-4.el7ost | openstack-swift-doc-1.13.1-4.el7ost.noarch.rpm |
RedHat | 7 | noarch | openstack-swift-proxy | < 1.13.1-4.el7ost | openstack-swift-proxy-1.13.1-4.el7ost.noarch.rpm |
RedHat | 7 | noarch | openstack-swift-container | < 1.13.1-4.el7ost | openstack-swift-container-1.13.1-4.el7ost.noarch.rpm |