SUSE-SU-2015:1846-1
- Source
- https://www.suse.com/support/update/announcement/2015/suse-su-20151846-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:1846-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2015:1846-1
- Related
- Published
- 2015-10-19T09:00:52Z
- Modified
- 2015-10-19T09:00:52Z
- Summary
- Security update for openstack-swift
- Details
-
openstack-swift was updated to fix three security issues.
These security issues were fixed: - CVE-2015-1856: OpenStack Object Storage (Swift), when allowversion is configured, allowed remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container (bsc#927793). - CVE-2014-7960: OpenStack Object Storage (Swift) allowed remote authenticated users to bypass the maxmeta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined (bsc#900253). - CVE-2015-5223: Information leak via Swift tempurls (bsc#942641).
- References
-
- https://www.suse.com/support/update/announcement/2015/suse-su-20151846-1/
- https://bugzilla.suse.com/900253
- https://bugzilla.suse.com/927793
- https://bugzilla.suse.com/942641
- https://www.suse.com/security/cve/CVE-2014-7960
- https://www.suse.com/security/cve/CVE-2015-1856
- https://www.suse.com/security/cve/CVE-2015-5223
Affected packages
SUSE:OpenStack Cloud 5 / openstack-swift
Package
- Name
- openstack-swift
- Purl
- pkg:rpm/suse/openstack-swift&distro=SUSE%20OpenStack%20Cloud%205
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.1.0-11.1
Ecosystem specific
{
"binaries": [
{
"openstack-swift-account": "2.1.0-11.1",
"openstack-swift-proxy": "2.1.0-11.1",
"openstack-swift-doc": "2.1.0-11.1",
"python-swift": "2.1.0-11.1",
"openstack-swift-object": "2.1.0-11.1",
"openstack-swift-container": "2.1.0-11.1",
"openstack-swift": "2.1.0-11.1"
}
]
}
SUSE:OpenStack Cloud 5 / openstack-swift-doc
Package
- Name
- openstack-swift-doc
- Purl
- pkg:rpm/suse/openstack-swift-doc&distro=SUSE%20OpenStack%20Cloud%205
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.1.0-11.1
Ecosystem specific
{
"binaries": [
{
"openstack-swift-account": "2.1.0-11.1",
"openstack-swift-proxy": "2.1.0-11.1",
"openstack-swift-doc": "2.1.0-11.1",
"python-swift": "2.1.0-11.1",
"openstack-swift-object": "2.1.0-11.1",
"openstack-swift-container": "2.1.0-11.1",
"openstack-swift": "2.1.0-11.1"
}
]
}