Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 13 Jun 2013 16:21:07 +0000
From: Jeremy Stanley <>
Subject: [OSSA 2013-016] Unchecked user input in Swift XML responses

OpenStack Security Advisory: 2013-016
CVE: CVE-2013-2161
Date: June 13, 2013
Title: Unchecked user input in Swift XML responses
Reporter: Alex Gaynor (Rackspace)
Products: Swift
Affects: All versions

Alex Gaynor from Rackspace reported a vulnerability in XML handling
within Swift account servers. Account strings were unescaped in XML
listings, and an attacker could potentially generate unparsable or
arbitrary XML responses which may be used to leverage other
vulnerabilities in the calling software.

Havana (development branch) fix:

Grizzly fix:

Folsom fix:

This fix will be included in the next release.


Jeremy Stanley (fungi)
OpenStack Vulnerability Management Team

Download attachment "signature.asc" of type "application/pgp-signature" (967 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.