Bug 1322227 - openstack-swift: Fix for CVE-2015-5223 is partially present in openstack-swift-2.3.0-5.el7ost build
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-swift
Version: 7.0 (Kilo)
Hardware: All
OS: All
Priority: unspecified
Severity: medium
Target Milestone: async
Target Release: 7.0 (Kilo)
Assignee: Pete Zaitcev
QA Contact: Mike Abrams
Depends On: 1263018
 
Reported: 2016-03-30 05:18 UTC by Prashanth Pai
Modified: 2023-09-14 03:20 UTC

Fixed In Version: openstack-swift-2.3.0-6
Doc Type: Bug Fix
Last Closed: 2016-10-05 19:15:48 UTC


Links
System | ID | Private | Priority | Status | Summary | Last Updated
OpenStack gerrit | 217254 | 0 | None | None | None | 2016-09-26 22:25:41 UTC
OpenStack gerrit | 217255 | 0 | None | None | None | 2016-09-26 22:25:11 UTC
Red Hat Bugzilla | 1255622 | 0 | medium | CLOSED | CVE-2015-5223 openstack-swift: Information leak via Swift tempurls | 2023-05-12 21:08:43 UTC
Red Hat Product Errata | RHBA-2016:2028 | 0 | normal | SHIPPED_LIVE | openstack-swift bug fix advisory | 2016-10-05 23:11:52 UTC

Internal Links: 1255622

Description Prashanth Pai 2016-03-30 05:18:35 UTC
Description of problem:

The complete fix for CVE-2015-5223 is comprised of two separate upstream commits: 410778b86a49702f80b734bdbf2480b86db342e2 and f81435d340140a0b54ac555870423894ee9b2131.

The openstack-swift-2.3.0-5.el7ost build in brew contains only one of the commits, i.e. 410778b86a49702f80b734bdbf2480b86db342e2.


Version-Release number of selected component (if applicable):
openstack-swift-2.3.0-5.el7ost


How reproducible:
This was discovered when the upstream test suite from the stable/kilo branch was being run against a downstream build, i.e. openstack-swift-2.3.0-5.el7ost.
Tests pertaining to CVE-2015-5223 failed.


Actual results:
The openstack-swift build contains a partial fix.


Expected results:
The openstack-swift build must contain both commits, i.e. the complete fix.

Comment 15 nlevinki 2016-10-05 10:34:13 UTC
Automation passed
https://rhos-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/RHOS/view/RHOS7/job/qe-7_director-rhel-7.2-virthost-1cont_1comp_1ceph-ipv4-vxlan-ceph-ssl/3/
verified with this rpm
openstack-swift-container-2.3.0-7.el7ost.noarch

Comment 17 errata-xmlrpc 2016-10-05 19:15:48 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2028.html

Comment 18 Red Hat Bugzilla 2023-09-14 03:20:19 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days.