SUSE-SU-2014:0547-2: moderate: Security update for openstack-swift

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed May 7 05:04:13 MDT 2014 

   SUSE Security Update: Security update for openstack-swift
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0547-2
Rating:             moderate
References:         #858459 
Cross-References:   CVE-2014-0006
Affected Products:
                    SUSE Cloud 2.0
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:


   A timing attack vulnerability has been fixed in
   openstack-swift, namely in  the Swift TempURL middleware.

   By analyzing response times to arbitrary TempURL requests,
   an attacker may  be able to guess valid secret URLs and get
   access to objects that were only  intended to be publicly
   shared with specific recipients. In order to use  this
   attack, the attacker needs to know the targeted object
   name, and the  object account needs to have a TempURL key
   set. Only Swift setups enabling  the TempURL middleware are
   affected.

   Security Issues:

   * CVE-2014-0006
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0006
   >


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 2.0:

      zypper in -t patch sleclo20sp3-openstack-swift-8958

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Cloud 2.0 (x86_64):

      openstack-swift-1.8.0.1+git.1375920359.1f4ec23-0.9.1
      openstack-swift-account-1.8.0.1+git.1375920359.1f4ec23-0.9.1
      openstack-swift-container-1.8.0.1+git.1375920359.1f4ec23-0.9.1
      openstack-swift-object-1.8.0.1+git.1375920359.1f4ec23-0.9.1
      openstack-swift-proxy-1.8.0.1+git.1375920359.1f4ec23-0.9.1
      python-swift-1.8.0.1+git.1375920359.1f4ec23-0.9.1

   - SUSE Cloud 2.0 (noarch):

      openstack-swift-doc-1.8.0.1+git.1375920359.1f4ec23-0.9.1


References:

   http://support.novell.com/security/cve/CVE-2014-0006.html
   https://bugzilla.novell.com/858459
   http://download.suse.com/patch/finder/?keywords=eba9f698e0559857cea64e69463841bc

More information about the sle-security-updates mailing list