SUSE-SU-2015:1846-1

These security issues were fixed: - CVE-2015-1856: OpenStack Object Storage (Swift), when allowversion is configured, allowed remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container (bsc#927793). - CVE-2014-7960: OpenStack Object Storage (Swift) allowed remote authenticated users to bypass the maxmeta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined (bsc#900253). - CVE-2015-5223: Information leak via Swift tempurls (bsc#942641).

References

Affected packages

SUSE:OpenStack Cloud 5 / openstack-swift

Package

Name: openstack-swift
Purl: pkg:rpm/suse/openstack-swift&distro=SUSE%20OpenStack%20Cloud%205

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.0-11.1

Ecosystem specific

{
    "binaries": [
        {
            "openstack-swift": "2.1.0-11.1",
            "openstack-swift-object": "2.1.0-11.1",
            "openstack-swift-doc": "2.1.0-11.1",
            "openstack-swift-proxy": "2.1.0-11.1",
            "openstack-swift-container": "2.1.0-11.1",
            "openstack-swift-account": "2.1.0-11.1",
            "python-swift": "2.1.0-11.1"
        }
    ]
}

SUSE:OpenStack Cloud 5 / openstack-swift-doc

Package

Name: openstack-swift-doc
Purl: pkg:rpm/suse/openstack-swift-doc&distro=SUSE%20OpenStack%20Cloud%205

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.0-11.1

Ecosystem specific

{
    "binaries": [
        {
            "openstack-swift": "2.1.0-11.1",
            "openstack-swift-object": "2.1.0-11.1",
            "openstack-swift-doc": "2.1.0-11.1",
            "openstack-swift-proxy": "2.1.0-11.1",
            "openstack-swift-container": "2.1.0-11.1",
            "openstack-swift-account": "2.1.0-11.1",
            "python-swift": "2.1.0-11.1"
        }
    ]
}