This bug was fixed in the package swift - 1.13.1-0ubuntu1.5
---------------
swift (1.13.1-0ubuntu1.5) trusty-security; urgency=medium
[ Jamie Strandboge ]
* SECURITY UPDATE: disallow unsafe tempurl operations to point to
unauthorized data
- debian/patches/CVE-2015-5223.patch: disallow creation of DLO object
manifests if non-safe tempurl request includes X-Object-Manifest header
- CVE-2015-5223
- LP: #1453948
[ Marc Deslauriers ]
* SECURITY UPDATE: DoS via incorrectly closed client connections
- debian/patches/CVE-2016-0737.patch: get better at closing WSGI
iterables in swift/common/middleware/dlo.py,
swift/common/middleware/slo.py, swift/common/request_helpers.py,
swift/common/swob.py, swift/common/utils.py,
test/unit/common/middleware/helpers.py,
test/unit/common/middleware/test_dlo.py,
test/unit/common/middleware/test_slo.py.
- CVE-2016-0737
* SECURITY UPDATE: DoS via incorrectly closed server connections
- debian/patches/CVE-2016-0738.patch: fix memory/socket leak in proxy
on truncated SLO/DLO GET in swift/common/request_helpers.py,
test/unit/common/middleware/test_slo.py.
- CVE-2016-0738
* Thanks to Red Hat for the patch backports!
* debian/patches/fix-ubuntu-tests.patch: disable another test that no
longer works on buildds.
-- Marc Deslauriers <[email protected]> Tue, 12 Sep 2017
07:36:43 -0400
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5223
** Changed in: swift (Ubuntu Trusty)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1493303
Title:
[OSSA 2016-004] Swift proxy memory leak on unfinished read
(CVE-2016-0738)
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1493303/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
