Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 27 Aug 2015 10:42:57 -0400 (EDT)
From: Siddharth Sharma <siddharth@...hat.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE-2014-8177 gluster-swift metadata constraints are not correctly
 enforced

Hi,

A flaw was found in the metadata constraints in gluster-swift package. By
adding metadata in several separate calls, a malicious user could bypass the
max_meta_count constraint, and store more metadata than allowed by the
configuration.

Upstream Fix: https://review.openstack.org/#/c/215487

Please refer to https://bugzilla.redhat.com/show_bug.cgi?id=1257525

we are using  CVE-2014-8177,  CVE SPLIT due to different codebases. 
so Please use CVE-2014-8177 for gluster-swift and for openstack-swift 
CVE-2014-7960 was already assigned. 

https://bugzilla.redhat.com/show_bug.cgi?id=1150461


-----------------------------------------------------------------
Siddharth Sharma / Red Hat Product Security / Key ID : 0xD9F6489A 
Fingerprint :  0x6F04C684 A49C E4CE 8148 E841 CD6F 8E55 D9F6 489A 


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.