Home / mailings

PDF

[USN-2256-1] Swift vulnerability

Posted on 25 June 2014
Ubuntu Security

==========================
==========================
========================
Ubuntu Security Notice USN-2256-1
June 25, 2014

swift vulnerability
==========================
==========================
========================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Swift did not properly perform input validation of certain HTTP headers.

Software Description:
- swift: OpenStack distributed virtual object store

Details:

John Dickinson discovered that Swift did not properly quote the
WWW-Authenticate header value. If a user were tricked into navigating to =
a
malicious Swift URL, an attacker could conduct cross-site scripting
attacks. With cross-site scripting vulnerabilities, if a user were tricke=
d
into viewing server output during a crafted server request, a remote
attacker could exploit this to modify the contents, or steal confidential=

data, within the same domain.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
python-swift 1.13.1-0ubuntu1.1

In general, a standard system update will make all the necessary changes.=


References:
http://www.ubuntu.com/usn/usn-2256-1
CVE-2014-3497

Package Information:
https://launchpad.net/ubuntu/+source/swift/1.13.1-0ubuntu1.1

 

TOP