CVE-2013-4155

Published: 7 August 2013

OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected.

Priority

Status

Package	Release	Status
swift Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Released (1.4.8-0ubuntu2.3)
	quantal	Released (1.7.4-0ubuntu2.3)
	raring	Released (1.8.0-0ubuntu1.3)
	saucy	Not vulnerable (1.9.1-0ubuntu1)
	upstream	Released (1.9.1)
	Patches: upstream: https://review.openstack.org/#/c/40646/ upstream: https://review.openstack.org/#/c/40645/

References

https://ubuntu.com/security/notices/USN-2001-1
https://www.cve.org/CVERecord?id=CVE-2013-4155
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/swift/+bug/1196932

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›