CVE-2013-4155

Publication date 7 August 2013

Last updated 24 July 2024

Ubuntu priority

OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service (“superfluous” tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
swift	13.10 saucy	Not affected
	13.04 raring	Fixed 1.8.0-0ubuntu1.3
	12.10 quantal	Fixed 1.7.4-0ubuntu2.3
	12.04 LTS precise	Fixed 1.4.8-0ubuntu2.3
	10.04 LTS lucid	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
swift	Upstream: https://review.openstack.org/#/c/40646/ Upstream: https://review.openstack.org/#/c/40645/

References

Related Ubuntu Security Notices (USN)

USN-2001-1
Swift vulnerability
23 October 2013

Other references

https://www.cve.org/CVERecord?id=CVE-2013-4155