SUSE-SU-2014:0547-2: moderate: Security update for openstack-swift
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Wed May 7 05:04:13 MDT 2014
SUSE Security Update: Security update for openstack-swift
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0547-2
Rating: moderate
References: #858459
Cross-References: CVE-2014-0006
Affected Products:
SUSE Cloud 2.0
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
A timing attack vulnerability has been fixed in
openstack-swift, namely in the Swift TempURL middleware.
By analyzing response times to arbitrary TempURL requests,
an attacker may be able to guess valid secret URLs and get
access to objects that were only intended to be publicly
shared with specific recipients. In order to use this
attack, the attacker needs to know the targeted object
name, and the object account needs to have a TempURL key
set. Only Swift setups enabling the TempURL middleware are
affected.
Security Issues:
* CVE-2014-0006
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0006
>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Cloud 2.0:
zypper in -t patch sleclo20sp3-openstack-swift-8958
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Cloud 2.0 (x86_64):
openstack-swift-1.8.0.1+git.1375920359.1f4ec23-0.9.1
openstack-swift-account-1.8.0.1+git.1375920359.1f4ec23-0.9.1
openstack-swift-container-1.8.0.1+git.1375920359.1f4ec23-0.9.1
openstack-swift-object-1.8.0.1+git.1375920359.1f4ec23-0.9.1
openstack-swift-proxy-1.8.0.1+git.1375920359.1f4ec23-0.9.1
python-swift-1.8.0.1+git.1375920359.1f4ec23-0.9.1
- SUSE Cloud 2.0 (noarch):
openstack-swift-doc-1.8.0.1+git.1375920359.1f4ec23-0.9.1
References:
http://support.novell.com/security/cve/CVE-2014-0006.html
https://bugzilla.novell.com/858459
http://download.suse.com/patch/finder/?keywords=eba9f698e0559857cea64e69463841bc
More information about the sle-updates
mailing list