Security Advisory Moderate: openstack-swift security update

Advisory: RHSA-2013:1197-1
Type: Security Advisory
Severity: Moderate
Issued on: 2013-09-03
Last updated on: 2013-09-03
Affected Products: Red Hat OpenStack 3.0
CVEs (cve.mitre.org): CVE-2013-4155

Details

Updated openstack-swift packages that fix one security issue are now
available for Red Hat OpenStack 3.0.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

OpenStack Swift (http://swift.openstack.org) is a highly available,
distributed, eventually consistent object/blob store.

A denial of service flaw in OpenStack Swift allowed attackers to fill the
object server with object tombstones. This could lead to subsequent
requests from legitimate users taking an excessive amount of time.
(CVE-2013-4155)

This issue was discovered by Peter Portante of Red Hat.

All users of openstack-swift are advised to upgrade to these updated
packages, which correct this issue. After installing this update, the
OpenStack Swift services will be restarted automatically.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat OpenStack 3.0

SRPMS:
openstack-swift-1.8.0-7.el6ost.src.rpm
File outdated by:  RHSA-2014:0367
    MD5: 9493cd5226b8a0b700132229196d3b1b
SHA-256: 0d57f7cd64e49e9a0333ac49f67df8eea8d362336b07198913e2f77a8c92c210
 
x86_64:
openstack-swift-1.8.0-7.el6ost.noarch.rpm
File outdated by:  RHSA-2014:0367
    MD5: bb3d3e92c980fbd13b332cf9b6973ead
SHA-256: 3832d12498fc1fc90afc60e30c056b40cf5456f998a1c6a0a08747aab8819878
openstack-swift-account-1.8.0-7.el6ost.noarch.rpm
File outdated by:  RHSA-2014:0367
    MD5: fc8978d5fb9ceffc9d48b3b564f95173
SHA-256: 861b349f7d2d2abce14a6944f403699be855c8169466407fa84b91493bc3a51a
openstack-swift-container-1.8.0-7.el6ost.noarch.rpm
File outdated by:  RHSA-2014:0367
    MD5: 9bac2daca8fe114ab7865ba474700c14
SHA-256: 73b9b2e7844f966ea340d5fdabbdc16c2d1b8bd82e74c083bb181d166d4825ee
openstack-swift-doc-1.8.0-7.el6ost.noarch.rpm
File outdated by:  RHSA-2014:0367
    MD5: b815359e1b179516bcb3c52d58b9f0c2
SHA-256: 50bb29d2d14f1f77c30892cb0182b734eaa88add974ae71981796926fadbf9c0
openstack-swift-object-1.8.0-7.el6ost.noarch.rpm
File outdated by:  RHSA-2014:0367
    MD5: a2e5fa2b99a2538fb9f9101205e8d4b1
SHA-256: 2a61b8744eba139857f26e451bd1d4448cc10ef4cd5f889543fadf5037b9cccb
openstack-swift-proxy-1.8.0-7.el6ost.noarch.rpm
File outdated by:  RHSA-2014:0367
    MD5: 662a5cb83040af7372c75e49a3970468
SHA-256: 07380fc1a0b114e86bb6390bef8d617dcddc5f7e37b8f9955ab7a9db65e28085
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

991626 - CVE-2013-4155 OpenStack: Swift Denial of Service using superfluous object tombstones


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/