From ${URL} :

Description:
A security issue has been reported in Python swiftclient Module, which can be exploited by malicious people to conduct spoofing attacks.

The security issue is caused due to the application not properly verifying the server SSL certificate. This can be exploited to e.g. spoof the server via a MitM (Man-in-the-Middle) attack and e.g. disclose potentially sensitive information.

The security issue is reported in version 1.8. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Launchpad: https://bugs.launchpad.net/python-swiftclient/+bug/1199783

@maintainer(s): since the package has never been marked as stable, we don't need to stabilize it. Please remove the affected versions from the tree.
Commit: https://review.openstack.org/#/c/33473/
This has been assigned CVE-2013-6396 as per https://bugzilla.redhat.com/show_bug.cgi?id=1031652
partially fixed (in 2.0.2), unfortunately it looks like they will not backport... https://bugs.launchpad.net/python-swiftclient/+bug/1199783/comments/21
fixed (bad versions removed from tree), kthnxbai
Thank you for your work! Closing - noglsa
CVE-2013-6396 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6396): The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.