Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 553610

Summary: <sys-cluster/swift-2.3.0: Unauthorized delete of versioned Swift object (CVE-2015-1856)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: openstack, prometheanfire
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2015-06-30 00:09:04 UTC 
CVE-2015-1856 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1856):
  OpenStack Object Storage (Swift) before 2.3.0, when allow_version is
  configured, allows remote authenticated users to delete the latest version
  of an object by leveraging listing access to the x-versions-location
  container.
Comment 1 Sean Amoss (RETIRED) gentoo-dev Security 2015-06-30 00:09:35 UTC 
*swift-2.2.2-r1 (14 Apr 2015)
	
	  14 Apr 2015; Matthew Thode <prometheanfire@gentoo.org>
	  +files/cve-2015-1856-master-kilo.patch, +swift-2.2.2-r1.ebuild,
	  -swift-2.2.0.ebuild, -swift-2.2.2.ebuild:
	  fixing cve-2015-1856