Bug 972988 (CVE-2013-2161)
| Summary: | CVE-2013-2161 OpenStack Swift: Unchecked user input in Swift XML responses | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Garth Mollett <gmollett> | ||||||
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | |||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | medium | ||||||||
| Version: | unspecified | CC: | apevec, chrisw, david.macdonald, derekh, gmollett, jlieskov, madam, markmc, pportant, rbryant, sclewis, security-response-team, zaitcev | ||||||
| Target Milestone: | --- | Keywords: | Security | ||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2021-10-20 10:39:18 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | 973372, 972992, 973370, 974954, 974956 | ||||||||
| Bug Blocks: | 972990 | ||||||||
| Attachments: |
|
||||||||
|
Description
Garth Mollett
2013-06-11 02:26:24 UTC
Created attachment 759406 [details]
Patch
Proposed public disclosure date/time: Thursday, June 13, 2013, 1500UTC Please do not make the issue public (or release public patches) before this coordinated embargo date. Statement: The Red Hat Security Response Team has rated this issue as having moderate security impact in OpenStack Essex (1.0) and Openstack Folsom (2.1). A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Created attachment 760270 [details]
escape-CVE-2013-2161.patch
This issue affects the versions of the openstack-swift package, as shipped with Fedora release of 17, 18, and Fedora EPEL-6. Please schedule an update. Created openstack-swift tracking bugs for this issue Affects: fedora-all [bug 974954] Affects: epel-6 [bug 974956] Acknowledgements: Red Hat would like to thank Alex Gaynor from Rackspace for reporting this issue. This issue has been addressed in following products: OpenStack 3 for RHEL 6 Via RHSA-2013:0993 https://rhn.redhat.com/errata/RHSA-2013-0993.html |