Bug 1298905 (CVE-2016-0738)
Summary: | CVE-2016-0738 openstack-swift: Proxy to server DoS through Large Objects |
---|---|
Product: | [Other] Security Response |
Component: | vulnerability |
Reporter: | Adam Mariš <amaris> |
Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA |
Severity: | medium |
Priority: | medium |
Version: | unspecified |
CC: | aavati, abaron, aortega, apevec, ayoung, chrisw, dallan, derekh, gkotton, gmollett, jjoyce, jrusnack, jschluet, kbasil, lhh, lpeer, markmc, mburns, nlevinki, osoukup, rbryant, rfortier, sclewis, security-response-team, sgirijan, sisharma, slinaber, slong, smohan, srevivo, ssaha, tdecacqu, tshefi, vbellur, yeylon, zaitcev |
Target Milestone: | --- |
Keywords: | Reopened, Security |
Target Release: | --- |
Hardware: | All |
OS: | Linux |
Doc Type: | Bug Fix |
Doc Text: | A memory-leak issue was found in OpenStack Object Storage (swift), in the proxy-to-server connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption. |
Story Points: | --- |
Last Closed: | 2016-03-01 10:31:19 UTC |
Type: | --- |
Regression: | --- |
Mount Type: | --- |
Documentation: | --- |
Category: | --- |
oVirt Team: | --- |
Cloudforms Team: | --- |
Bug Depends On: | 1299668, 1299669, 1299670, 1299671, 1299672, 1300612, 1300613, 1308476 |
Bug Blocks: | 1298929, 1312737 |

Description
Adam Mariš
2016-01-15 12:10:22 UTC
Created attachment 1115108
Master/mitaka patch

Created attachment 1115109
Stable/kilo patch

Created attachment 1115112
Stable/liberty patch

Created openstack-swift tracking bugs for this issue:
Affects: fedora-all [bug 1300613]

This issue is now public.

openstack-swift-2.3.0-3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

This issue has been addressed in the following products:
OpenStack 6 for RHEL 7
Via RHSA-2016:0128 https://rhn.redhat.com/errata/RHSA-2016-0128.html

This issue has been addressed in the following products:
OpenStack 5 for RHEL 7
Via RHSA-2016:0127 https://rhn.redhat.com/errata/RHSA-2016-0127.html

This issue has been addressed in the following products:
OpenStack 5 for RHEL 6
Via RHSA-2016:0126 https://rhn.redhat.com/errata/RHSA-2016-0126.html

This issue has been addressed in the following products:
OpenStack 7 For RHEL 7
Via RHSA-2016:0155 https://rhn.redhat.com/errata/RHSA-2016-0155.html

This issue has been addressed in the following products:
Red Hat Gluster Storage 3.1 for RHEL 6
Via RHSA-2016:0329 https://rhn.redhat.com/errata/RHSA-2016-0329.html

This issue has been addressed in the following products:
Red Hat Gluster Storage 3.1 for RHEL 7
Via RHSA-2016:0328 https://rhn.redhat.com/errata/RHSA-2016-0328.html