Wednesday, June 19, 2013

[USN-1887-1] OpenStack Swift vulnerabilities

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJRwmwDAAoJEFHb3FjMVZVzB0YQAK0PlcDkwNta37ku+A4Kuo1C
li91ZDk0v2fURTGZ7LkKTKdLPS0tT4eD6h9TkyRwdXWWNYMlanlp6dNYznLOIBKO
FxDAAqwUoCs+i8AZrAnhvy/pALF4uEynb4AwczYa3ONGrbAQiNcLme0Q9sUzZvq2
NAjRE/VjIk7SkkslGswAKNerX1hv/HzoR08gvnKspX6/3GZ1eKDYsf/PwbxdKOiO
XcpXdkSy8jU800CkYy6gdAv1A7a42qMI7MQJrgNoyrc7RI27jL62zLPqy0eFfwVt
js47oO/NzYE1b9pDJ4hlgf6rzhDTCT1gIzv6qgQXFLDzhoNoJcERC2YbHp+WkK20
OTgNsTnL5Yn1e5mh5UnVIde1PniJ35og/FaRKGFvuxQbVqUg5d1ksmqguKPBehwD
zcnhn1kTtfuUFeCCRENI+OUgDdWLA6C1Dn9TvajnnMPnSYBF+gPiraHpHWQO0KYn
IFIISGuLPoChqaMcw10C2U1AN8mmGsYKH00xfO7OHaQWQcUk4DM53CYns5ageDYA
l0CeLusV58jrC1+XgBoqJSM+GCSM3cN7AhQ61nz5090Bc/k+aeH5LA9/H+sTPwJb
Ke6o1KmrVdcuvhNn64ZVQAbBNfMjzEMWON1Pfo4e8QBs/eElRbstT+Rxl2+JzAgW
PbN4F6xFAdNvSUJSle45
=CjYi
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1887-1
June 20, 2013

swift vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

Multiple security issues were fixed in OpenStack Swift.

Software Description:
- swift: OpenStack distributed virtual object store

Details:

Sebastian Krahmer discovered that Swift used the loads function in the
pickle Python module when it was configured to use memcached. A remote
attacker on the same network as memcached could exploit this to execute
arbitrary code. This update adds a new memcache_serialization_support
option to support secure json serialization. For details on this new
option, please see /usr/share/doc/swift-proxy/memcache.conf-sample. This
issue only affected Ubuntu 12.04 LTS. (CVE-2012-4406)
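To make the serialization change concrete, the following is an added example (not Swift's code, and not the implementation behind the memcache_serialization_support option) of how a memcached value cache can move from pickle to JSON and refuse legacy pickle payloads. The one-byte tags `PICKLE_FLAG` and `JSON_FLAG` and the `mode` values 0/1/2 are assumptions constructed for this example; mode 0 reproduces the legacy behaviour only for comparison, and `audit_entries` is a hypothetical helper for checking that no pickle-format entries remain in a cache after migration.

```python
import json
import pickle

# Constructed one-byte tags recording how a cached value was serialized.
# They are assumptions for this example, not Swift's own constants.
PICKLE_FLAG = 1
JSON_FLAG = 2


def serialize(value, mode=2):
    """Encode a value for memcached.

    `mode` is a hypothetical stand-in for the advisory's
    memcache_serialization_support setting: 0 keeps the legacy pickle
    format (shown only for comparison), 1 and 2 always write JSON.
    """
    if mode == 0:
        return bytes([PICKLE_FLAG]) + pickle.dumps(value)
    return bytes([JSON_FLAG]) + json.dumps(value).encode("utf-8")


def deserialize(blob, mode=2):
    """Decode a value read back from memcached.

    JSON payloads are decoded with json.loads, which cannot execute code.
    In mode 2 a pickle-tagged payload is refused outright, so bytes written
    into memcached by any host on that network never reach pickle.loads.
    Mode 1 still unpickles (migration only) and is therefore not safe.
    """
    if not blob:
        raise ValueError("empty cache entry")
    flag, payload = blob[0], blob[1:]
    if flag == JSON_FLAG:
        return json.loads(payload.decode("utf-8"))
    if flag == PICKLE_FLAG:
        if mode == 2:
            raise ValueError("refusing to unpickle untrusted memcached data")
        return pickle.loads(payload)
    raise ValueError("unknown serialization flag %d" % flag)


def audit_entries(blobs):
    """Count cache entries still in the legacy pickle format, e.g. when
    checking that a cluster has finished migrating to mode 2."""
    return sum(1 for b in blobs if b and b[0] == PICKLE_FLAG)
```

The point of the tag byte is that the reader can decide, before touching the payload, whether the format is one it is willing to decode; only the JSON path is reachable once the cache runs in the JSON-only mode, whatever another host on the memcached network writes.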

Alex Gaynor discovered that Swift did not safely generate XML. An
attacker could potentially craft an account name to generate arbitrary XML
responses to trigger vulnerabilities in software parsing Swift's XML.
(CVE-2013-2161)
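As an added illustration of the XML issue (example code, not Swift's own listing generator), the block below builds a small account listing two ways: by interpolating names straight into the XML text, which is the unsafe pattern the advisory describes, and with ElementTree, which escapes text and attribute values itself. The listing shape (`<account name="…"><container><name/><count/></container>…`) and the sample names are constructed for this example; `is_well_formed` and `container_names` are hypothetical helpers standing in for a consuming client's parser.

```python
import xml.etree.ElementTree as ET


def account_listing_unsafe(account, containers):
    """The pattern the advisory describes: names are interpolated straight
    into the XML text, so an account or container name containing markup
    characters changes the structure of the response. Kept as the 'before'
    for comparison; constructed for this example, not Swift's code."""
    body = "".join(
        "<container><name>%s</name><count>%d</count></container>"
        % (c["name"], c["count"])
        for c in containers
    )
    return '<account name="%s">%s</account>' % (account, body)


def account_listing_safe(account, containers):
    """Build the same listing with ElementTree, which escapes text and
    attribute values itself, so names can only ever be data."""
    root = ET.Element("account", name=account)
    for c in containers:
        el = ET.SubElement(root, "container")
        ET.SubElement(el, "name").text = c["name"]
        ET.SubElement(el, "count").text = str(c["count"])
    return ET.tostring(root, encoding="unicode")


def is_well_formed(xml_text):
    """True if a strict parser accepts the document."""
    try:
        ET.fromstring(xml_text)
    except ET.ParseError:
        return False
    return True


def container_names(xml_text):
    """Names as a consuming client would read them back."""
    return [n.text for n in ET.fromstring(xml_text).iter("name")]
```

With a container named `docs<b>` the string-built listing is no longer well-formed, while the ElementTree version round-trips the name exactly; the same holds for an account name containing `"`, `<` or `&`, which ends up in an attribute value.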

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
python-swift 1.8.0-0ubuntu1.2

Ubuntu 12.10:
python-swift 1.7.4-0ubuntu2.2

Ubuntu 12.04 LTS:
python-swift 1.4.8-0ubuntu2.2

After a standard system update you need to restart Swift to make all the
necessary changes.

References:
http://www.ubuntu.com/usn/usn-1887-1
CVE-2012-4406, CVE-2013-2161

Package Information:
https://launchpad.net/ubuntu/+source/swift/1.8.0-0ubuntu1.2
https://launchpad.net/ubuntu/+source/swift/1.7.4-0ubuntu2.2
https://launchpad.net/ubuntu/+source/swift/1.4.8-0ubuntu2.2
