1322227 – openstack-swift: Fix for CVE-2015-5223 is partially present in openstack-swift-2.3.0-5.el7ost build

Bug 1322227 - openstack-swift: Fix for CVE-2015-5223 is partially present in openstack-swift-2.3.0-5.el7ost build [NEEDINFO]

Summary: openstack-swift: Fix for CVE-2015-5223 is partially present in openstack-swif...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-swift
Sub Component:
Version:	7.0 (Kilo)
Hardware:	All
OS:	All
Priority:	unspecified
Severity:	medium
Target Milestone:	async
Target Release:	7.0 (Kilo)
Assignee:	Pete Zaitcev
QA Contact:	Mike Abrams
Docs Contact:
URL:
Whiteboard:
Depends On:	1263018
Blocks:
TreeView+	depends on / blocked

Reported:	2016-03-30 05:18 UTC by Prashanth Pai
Modified:	2016-10-05 19:15 UTC (History)
CC List:	7 users (show)
Fixed In Version:	openstack-swift-2.3.0-6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-10-05 19:15:48 UTC
Target Upstream Version:
Flags:	mabrams: needinfo? (zaitcev)

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Priority	Status	Summary	Last Updated
OpenStack gerrit	217254	None	None	None	2016-09-26 22:25:41 UTC
OpenStack gerrit	217255	None	None	None	2016-09-26 22:25:11 UTC
Red Hat Bugzilla	1255622	medium	CLOSED	CVE-2015-5223 openstack-swift: Information leak via Swift tempurls	2021-02-22 00:41:40 UTC
Red Hat Product Errata	RHBA-2016:2028	normal	SHIPPED_LIVE	openstack-swift bug fix advisory	2016-10-05 23:11:52 UTC

Internal Links: 1255622

Description Prashanth Pai 2016-03-30 05:18:35 UTC

Description of problem:

The complete fix for CVE-2015-5223 is comprised of two separate upstream commits: 410778b86a49702f80b734bdbf2480b86db342e2 and f81435d340140a0b54ac555870423894ee9b2131

openstack-swift-2.3.0-5.el7ost build in brew contains only one of the commits i.e: 410778b86a49702f80b734bdbf2480b86db342e2


Version-Release number of selected component (if applicable):
openstack-swift-2.3.0-5.el7ost


How reproducible:
This was discovered when upstream test suite from stable/kilo branch was being run against a downstream build i.e openstack-swift-2.3.0-5.el7ost
Tests pertaining to CVE-2015-5223 failed.


Actual results:
openstack-swift build contains partial fix.


Expected results:
openstack-swift build must contain both the commits i.e the complete fix.

Comment 15 nlevinki 2016-10-05 10:34:13 UTC

Automation passed
https://rhos-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/RHOS/view/RHOS7/job/qe-7_director-rhel-7.2-virthost-1cont_1comp_1ceph-ipv4-vxlan-ceph-ssl/3/
verified with this rpm
openstack-swift-container-2.3.0-7.el7ost.noarch

Comment 17 errata-xmlrpc 2016-10-05 19:15:48 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2028.html

Note You need to log in before you can comment on or make changes to this bug.