oss-sec mailing list archives
CVE-2014-8177 gluster-swift metadata constraints are not correctly enforced
From: Siddharth Sharma <siddharth () redhat com>
Date: Thu, 27 Aug 2015 10:42:57 -0400 (EDT)
Hi,

A flaw was found in the metadata constraints in the gluster-swift package. By adding metadata in several separate calls, a malicious user could bypass the max_meta_count constraint, and store more metadata than allowed by the configuration.

Upstream Fix: https://review.openstack.org/#/c/215487

Please refer to https://bugzilla.redhat.com/show_bug.cgi?id=1257525

We are using CVE-2014-8177 (CVE SPLIT due to different codebases), so please use CVE-2014-8177 for gluster-swift; for openstack-swift, CVE-2014-7960 was already assigned.
https://bugzilla.redhat.com/show_bug.cgi?id=1150461

-----------------------------------------------------------------
Siddharth Sharma / Red Hat Product Security / Key ID : 0xD9F6489A
Fingerprint : 0x6F04C684 A49C E4CE 8148 E841 CD6F 8E55 D9F6 489A
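
The class of bug described in the message above, as an added example that is not part of the original post and is not gluster-swift or Swift code: a limit checked only against the items in each request, next to the same limit checked against the metadata as it would exist after the merge. The function names, the X-Container-Meta- header prefix, the limit of 3 and the "empty value deletes an item" rule are assumptions of this simplified model.

```python
# Simplified model of a metadata POST that merges into stored metadata.
META_PREFIX = "x-container-meta-"   # assumed header prefix for user metadata
MAX_META_COUNT = 3                  # constructed small value standing in for max_meta_count

class MetadataLimitExceeded(Exception):
    """Raised where a real server would reject the request."""

def user_meta(headers):
    """Extract user metadata items (lower-cased names) from request headers."""
    return {k.lower(): v for k, v in headers.items()
            if k.lower().startswith(META_PREFIX)}

def post_per_request_check(stored, headers):
    """Flawed pattern: only the items carried by this one request are counted."""
    new = user_meta(headers)
    if len(new) > MAX_META_COUNT:
        raise MetadataLimitExceeded(len(new))
    stored.update(new)
    return stored

def post_merged_check(stored, headers):
    """Corrected pattern: count the metadata that would exist after the merge."""
    merged = {**stored, **user_meta(headers)}
    # Assumption: an empty value deletes the item, so it must not be counted.
    merged = {k: v for k, v in merged.items() if v != ""}
    if len(merged) > MAX_META_COUNT:
        raise MetadataLimitExceeded(len(merged))
    stored.clear()
    stored.update(merged)
    return stored

def replay(post, requests):
    """Apply requests in order; return (final metadata, number rejected)."""
    stored, rejected = {}, 0
    for headers in requests:
        try:
            post(stored, headers)
        except MetadataLimitExceeded:
            rejected += 1
    return stored, rejected

# Constructed sample: three requests, each within the limit on its own.
REQUESTS = [{"X-Container-Meta-K%d" % (2 * i): "v",
             "X-Container-Meta-K%d" % (2 * i + 1): "v"} for i in range(3)]

if __name__ == "__main__":
    for post in (post_per_request_check, post_merged_check):
        stored, rejected = replay(post, REQUESTS)
        print(post.__name__, len(stored), "items stored,", rejected, "rejected")
```

The merged check still accepts an update to an existing item, or a delete combined with an add, when the store is already at the limit, because it counts the resulting items and not the headers sent.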