The following was reported to oss-sec: Title: Swift metadata constraints are not correctly enforced Reporter: Rajaneesh Singh Products: Swift Versions: up to 2.1.0 Description: Rajaneesh Singh reported a vulnerability in Swift enforcement of metadata contraints. By adding metadata in several separate calls, an authenticated attacker can bypass the max_meta_count constraint, potentially resulting in the storage of more metadata than allowed in configuration. References: https://launchpad.net/bugs/1365350 http://seclists.org/oss-sec/2014/q4/205
Created openstack-swift tracking bugs for this issue: Affects: fedora-all [bug 1150782]
This issue has been addressed in the following products: OpenStack 5 for RHEL 6 Via RHSA-2015:0836 https://rhn.redhat.com/errata/RHSA-2015-0836.html
This issue has been addressed in the following products: OpenStack 5 for RHEL 7 Via RHSA-2015:0835 https://rhn.redhat.com/errata/RHSA-2015-0835.html
This issue has been addressed in the following products: Red Hat Gluster Storage 3.1 for RHEL 6 Native Client for RHEL 5 for Red Hat Storage Native Client for RHEL 6 for Red Hat Storage Via RHSA-2015:1495 https://rhn.redhat.com/errata/RHSA-2015-1495.html