Date: Thu, 09 Oct 2014 14:44:49 +0200
From: Thierry Carrez <>
Subject: [OSSA 2014-034] Swift metadata constraints are not correctly enforced

OpenStack Security Advisory: 2014-034
CVE: CVE-2014-7960
Date: October 09, 2014
Title: Swift metadata constraints are not correctly enforced
Reporter: Rajaneesh Singh
Products: Swift
Versions: up to 2.1.0

Rajaneesh Singh reported a vulnerability in the way Swift enforces
metadata constraints. By adding metadata in several separate calls, an
authenticated attacker can bypass the max_meta_count constraint,
potentially resulting in the storage of more metadata than allowed in

Juno (development branch) fix:

Icehouse fix:

This fix will be included in the upcoming 2.2.0 Juno release.


Thierry Carrez
OpenStack Vulnerability Management Team
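
The failure mode described in the advisory, as an added example that is not part of the original message and is not Swift's code: a simplified model comparing a count check applied only to the incoming request with one applied to the metadata that would be stored after the merge. The limit value, the function names, the choice of container metadata headers and the sample requests are assumptions made for the illustration.

```python
# Simplified model of the constraint check; not Swift's code.
MAX_META_COUNT = 4                 # constructed limit for the demo
PREFIX = "x-container-meta-"       # user metadata header prefix


class ConstraintError(Exception):
    pass


def _meta(headers):
    """Return only the user-metadata headers, keys lower-cased."""
    return {k.lower(): v for k, v in headers.items()
            if k.lower().startswith(PREFIX)}


def post_request_only(stored, headers):
    """Weak form: counts only the items in this request."""
    new = _meta(headers)
    if len(new) > MAX_META_COUNT:
        raise ConstraintError("too many metadata items in request")
    stored.update(new)


def post_merged(stored, headers):
    """Hardened form: counts what would be stored after the merge."""
    merged = dict(stored)
    for key, value in _meta(headers).items():
        if value == "":
            merged.pop(key, None)   # modelled: empty value deletes the item
        else:
            merged[key] = value
    if len(merged) > MAX_META_COUNT:
        raise ConstraintError("too many metadata items after merge")
    stored.clear()
    stored.update(merged)


def replay(handler, requests):
    """Apply requests in order; return (stored item count, rejected count)."""
    stored, rejected = {}, 0
    for headers in requests:
        try:
            handler(stored, headers)
        except ConstraintError:
            rejected += 1
    return len(stored), rejected


# Constructed input: three POSTs, each within the per-request limit.
REQUESTS = [{f"X-Container-Meta-K{r}{i}": "v" for i in range(3)} for r in range(3)]

if __name__ == "__main__":
    print("request-only:", replay(post_request_only, REQUESTS))
    print("merged:      ", replay(post_merged, REQUESTS))
```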
