(RHSA-2015:1681) Moderate: openstack-swift security update

OpenStack Object Storage (swift) provides object storage in virtual
containers, which allows users to store and retrieve files (arbitrary
data). The service’s distributed architecture supports horizontal scaling;
redundancy as failure-proofing is provided through software-based data
replication. Because Object Storage supports asynchronous eventual
consistency replication, it is well suited to multiple data-center
deployment.

A flaw was found in openstack-swift where an authenticated user may
delete the most recent version of a versioned object regardless of
ownership. To exploit this flaw an attacker most know the name of the
object and have listing access to the x-versions-location container.
(CVE-2015-1856)

Red Hat would like to thank the OpenStack project for reporting this
issue. Upstream acknowledges Clay Gerrard of SwiftStack as the
original reporter.

All users of openstack-swift are advised to upgrade to these updated
packages, which correct this issue. After installing this update, the
OpenStack Object Storage services will be restarted automatically.