Date: Thu, 27 Aug 2015 10:42:57 -0400 (EDT)
From: Siddharth Sharma <siddharth@...hat.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE-2014-8177 gluster-swift metadata constraints are not correctly
 enforced

Hi,

A flaw was found in the metadata constraints in the gluster-swift package. By
adding metadata in several separate calls, a malicious user could bypass the
max_meta_count constraint, and store more metadata than allowed by the
configuration.

Upstream Fix: https://review.openstack.org/#/c/215487

Please refer to https://bugzilla.redhat.com/show_bug.cgi?id=1257525

We are using CVE-2014-8177, CVE SPLIT due to different codebases.
So please use CVE-2014-8177 for gluster-swift; for openstack-swift,
CVE-2014-7960 was already assigned.

https://bugzilla.redhat.com/show_bug.cgi?id=1150461


-----------------------------------------------------------------
Siddharth Sharma / Red Hat Product Security / Key ID : 0xD9F6489A 
Fingerprint :  0x6F04C684 A49C E4CE 8148 E841 CD6F 8E55 D9F6 489A 
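
Added example, not part of the original message and not gluster-swift or Swift code: a simplified Python model of the constraint described above, showing a count check applied to each request alone next to one applied to the metadata as it would exist after the merge. The function names, the limit value of 3, the merge/delete semantics and the sample updates are assumptions made for illustration.

```python
# Simplified model of a metadata store whose updates merge into existing
# metadata. Names and the limit value are assumptions for illustration.
MAX_META_COUNT = 3  # constructed value standing in for max_meta_count


class ConstraintError(Exception):
    """Raised when an update would violate the metadata count limit."""


def apply_update(existing, update):
    """Merge an update into existing metadata; an empty value removes the key."""
    merged = dict(existing)
    for key, value in update.items():
        if value == "":
            merged.pop(key, None)
        else:
            merged[key] = value
    return merged


def check_request_only(existing, update):
    """Flawed check: counts only the keys carried by this one request."""
    if len(update) > MAX_META_COUNT:
        raise ConstraintError("too many metadata items in request")


def check_merged(existing, update):
    """Corrected check: counts the keys that would exist after the merge."""
    if len(apply_update(existing, update)) > MAX_META_COUNT:
        raise ConstraintError("too many metadata items after merge")


def run_updates(check, updates):
    """Apply updates in order under the given check; return (stored, rejected)."""
    stored, rejected = {}, 0
    for update in updates:
        try:
            check(stored, update)
        except ConstraintError:
            rejected += 1
            continue
        stored = apply_update(stored, update)
    return stored, rejected


# Constructed sample: three separate calls, each within the per-request limit.
SAMPLE_UPDATES = [{"a": "1", "b": "2"}, {"c": "3", "d": "4"}, {"e": "5", "a": ""}]
```

With the request-only check the stored metadata ends at four items against a limit of three; with the merged check the second call is rejected and the total never exceeds the limit.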

