Debian Linux Security Advisory 2737-1 - Several vulnerabilities have been discovered in Swift, the Openstack object storage.
919524417f732e6607d2bbf583b49fa6d0f577aaccfbc8eb587d12e9c0f29639Red Hat Security Advisory 2013-0993-01 - OpenStack Swift is a highly available, distributed, eventually consistent object/blob store. An XML injection flaw in OpenStack Swift could allow remote attackers to manipulate the contents of XML responses via specially-crafted data. This could be used to trigger a denial of service.
28a8b98698ba460b04f7bcbc2c2b29b15adacb9c2f421378f5d59be53638b7c8Ubuntu Security Notice 1887-1 - Sebastian Krahmer discovered that Swift used the loads function in the pickle Python module when it was configured to use memcached. A remote attacker on the same network as memcached could exploit this to execute arbitrary code. This update adds a new memcache_serialization_support option to support secure json serialization. For details on this new option, please see /usr/share/doc/swift-proxy/memcache.conf-sample. This issue only affected Ubuntu 12.04 LTS. Alex Gaynor discovered that Swift did not safely generate XML. An attacker could potentially craft an account name to generate arbitrary XML responses to trigger vulnerabilties in software parsing Swift's XML. Various other issues were also addressed.
5b0ad4a79955b664e4b569e89066b103b2e70a89a066264da404f903535c5dfa
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed