Issued:: 2013-09-03
Updated:: 2013-09-03

RHSA-2013:1197 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: openstack-swift security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated openstack-swift packages that fix one security issue are now
available for Red Hat OpenStack 3.0.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

OpenStack Swift (http://swift.openstack.org) is a highly available,
distributed, eventually consistent object/blob store.

A denial of service flaw in OpenStack Swift allowed attackers to fill the
object server with object tombstones. This could lead to subsequent
requests from legitimate users taking an excessive amount of time.
(CVE-2013-4155)

This issue was discovered by Peter Portante of Red Hat.

All users of openstack-swift are advised to upgrade to these updated
packages, which correct this issue. After installing this update, the
OpenStack Swift services will be restarted automatically.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

Red Hat OpenStack grizzly x86_64

Fixes

BZ - 991626 - CVE-2013-4155 OpenStack: Swift Denial of Service using superfluous object tombstones

CVEs

CVE-2013-4155

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack grizzly

SRPM
openstack-swift-1.8.0-7.el6ost.src.rpm	SHA-256: 0d57f7cd64e49e9a0333ac49f67df8eea8d362336b07198913e2f77a8c92c210
x86_64
openstack-swift-1.8.0-7.el6ost.noarch.rpm	SHA-256: 3832d12498fc1fc90afc60e30c056b40cf5456f998a1c6a0a08747aab8819878
openstack-swift-account-1.8.0-7.el6ost.noarch.rpm	SHA-256: 861b349f7d2d2abce14a6944f403699be855c8169466407fa84b91493bc3a51a
openstack-swift-container-1.8.0-7.el6ost.noarch.rpm	SHA-256: 73b9b2e7844f966ea340d5fdabbdc16c2d1b8bd82e74c083bb181d166d4825ee
openstack-swift-doc-1.8.0-7.el6ost.noarch.rpm	SHA-256: 50bb29d2d14f1f77c30892cb0182b734eaa88add974ae71981796926fadbf9c0
openstack-swift-object-1.8.0-7.el6ost.noarch.rpm	SHA-256: 2a61b8744eba139857f26e451bd1d4448cc10ef4cd5f889543fadf5037b9cccb
openstack-swift-proxy-1.8.0-7.el6ost.noarch.rpm	SHA-256: 07380fc1a0b114e86bb6390bef8d617dcddc5f7e37b8f9955ab7a9db65e28085

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation