It was discovered that OpenStack Swift incorrectly handled tempurls. A remote authenticated user in possession of a tempurl key authorized for PUT could retrieve other objects in the same Swift account. (CVE-2015-5223)
Romain Le Disez and Örjan Persson discovered that OpenStack Swift incorrectly closed client connections. A remote attacker could possibly use this issue to consume resources, resulting in a denial of service. (CVE-2016-0737, CVE-2016-0738)
{ "availability": "No subscription required", "binaries": [ { "binary_name": "python-swift", "binary_version": "1.13.1-0ubuntu1.5" }, { "binary_name": "swift", "binary_version": "1.13.1-0ubuntu1.5" }, { "binary_name": "swift-account", "binary_version": "1.13.1-0ubuntu1.5" }, { "binary_name": "swift-container", "binary_version": "1.13.1-0ubuntu1.5" }, { "binary_name": "swift-doc", "binary_version": "1.13.1-0ubuntu1.5" }, { "binary_name": "swift-object", "binary_version": "1.13.1-0ubuntu1.5" }, { "binary_name": "swift-object-expirer", "binary_version": "1.13.1-0ubuntu1.5" }, { "binary_name": "swift-proxy", "binary_version": "1.13.1-0ubuntu1.5" } ] }