oss-sec mailing list archives

CVE-2014-8177 gluster-swift metadata constraints are not correctly enforced


From: Siddharth Sharma <siddharth () redhat com>
Date: Thu, 27 Aug 2015 10:42:57 -0400 (EDT)

Hi,

A flaw was found in the metadata constraints in the gluster-swift package. By
adding metadata in several separate calls, a malicious user could bypass the
max_meta_count constraint, and store more metadata than allowed by the
configuration.

Upstream Fix: https://review.openstack.org/#/c/215487

Please refer to https://bugzilla.redhat.com/show_bug.cgi?id=1257525

We are using CVE-2014-8177, a CVE SPLIT due to different codebases,
so please use CVE-2014-8177 for gluster-swift; for openstack-swift,
CVE-2014-7960 was already assigned.

https://bugzilla.redhat.com/show_bug.cgi?id=1150461


-----------------------------------------------------------------
Siddharth Sharma / Red Hat Product Security / Key ID : 0xD9F6489A 
Fingerprint :  0x6F04C684 A49C E4CE 8148 E841 CD6F 8E55 D9F6 489A 
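
The flaw class described in the message above, as an added example that is not part of the original post and is neither gluster-swift code nor the upstream fix: a count check applied only to the items in each request, next to one applied to the merged result. The limit value, the `x-container-meta-` prefix, and all function names are assumptions made for the sketch.

```python
# Added illustration, not gluster-swift code. MAX_META_COUNT mirrors the
# max_meta_count setting named in the advisory; the value 3 is constructed.
MAX_META_COUNT = 3
META_PREFIX = "x-container-meta-"  # assumed prefix for merge-style user metadata


class TooManyMetadataItems(Exception):
    pass


def user_meta(headers):
    """Return only the user-metadata items of a header dict, keys lowercased."""
    return {k.lower(): v for k, v in headers.items()
            if k.lower().startswith(META_PREFIX)}


def update_flawed(stored, request_headers):
    """Counts only the items in this request, so repeated calls accumulate."""
    incoming = user_meta(request_headers)
    if len(incoming) > MAX_META_COUNT:
        raise TooManyMetadataItems(len(incoming))
    stored.update(incoming)
    return stored


def update_checked(stored, request_headers):
    """Counts the merged result, so the limit holds across calls."""
    merged = {**stored, **user_meta(request_headers)}
    if len(merged) > MAX_META_COUNT:
        raise TooManyMetadataItems(len(merged))
    stored.update(merged)  # overwriting an existing key adds no new item
    return stored


def replay(update, requests):
    """Apply requests in order; return (items stored, requests rejected)."""
    stored, rejected = {}, 0
    for headers in requests:
        try:
            update(stored, headers)
        except TooManyMetadataItems:
            rejected += 1
    return len(stored), rejected


# Constructed sample: four calls, two new items each, each call within the limit.
SAMPLE = [{f"X-Container-Meta-K{2 * i}": "a", f"X-Container-Meta-K{2 * i + 1}": "b"}
          for i in range(4)]
```

Replaying `SAMPLE` through each function shows the difference: the per-request check ends with more items stored than the limit allows, while the merged check rejects every call that would exceed it.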


