Updated openstack-swift packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

OpenStack Object Storage (swift) provides object storage in virtual containers, which allows users to store and retrieve files (arbitrary data). The service’s distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment.

A memory-leak issue was found in OpenStack Object Storage (swift), in the proxy-to-server connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption. (CVE-2016-0738)

A memory-leak issue was found in OpenStack Object Storage (swift), in the client-to-proxy connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption. (CVE-2016-0737)

Red Hat would like to thank the OpenStack project for reporting these issues. Upstream acknowledges Romain Le Disez from OVH and Örjan Persson from Kiliaro as the original reporters.

All users of openstack-swift are advised to upgrade to these updated packages, which correct these issues. After installing this update, the OpenStack Object Storage services will be restarted automatically.

Red Hat OpenStack 5.0 for RHEL 7

SRPMS:
openstack-swift-1.13.1-8.el7ost.src.rpm

x86_64:
openstack-swift-1.13.1-8.el7ost.noarch.rpm
openstack-swift-account-1.13.1-8.el7ost.noarch.rpm
openstack-swift-container-1.13.1-8.el7ost.noarch.rpm
openstack-swift-doc-1.13.1-8.el7ost.noarch.rpm
openstack-swift-object-1.13.1-8.el7ost.noarch.rpm
openstack-swift-proxy-1.13.1-8.el7ost.noarch.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
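
The following is an added example, not part of the Red Hat advisory: a host check that flags openstack-swift packages older than the fixed build 1.13.1-8.el7ost listed above. It assumes input in the form printed by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`; the sample lines are constructed, and the version comparison is a simplified form of rpm's ordering.

```python
import re
from itertools import zip_longest

FIXED_EVR = "1.13.1-8.el7ost"   # fixed build listed in this advisory (OSP 5.0, RHEL 7)
PREFIX = "openstack-swift"      # every package in the advisory shares this prefix

# Constructed sample of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` output.
SAMPLE = """\
openstack-swift 1.13.1-8.el7ost
openstack-swift-proxy 1.13.1-7.el7ost
openstack-swift-object 1.13.1-10.el7ost
openstack-swift-account 1.13.0-12.el7ost
python-swiftclient 2.1.0-2.el7ost
"""

def vercmp(a, b):
    """Simplified rpmvercmp (no epoch, tilde or caret): returns -1, 0 or 1."""
    seg = lambda s: re.findall(r"[0-9]+|[A-Za-z]+", s)  # separators are ignored
    for x, y in zip_longest(seg(a), seg(b)):
        if x is None or y is None:
            return -1 if x is None else 1       # the longer string is newer
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)               # numeric, so 10 > 8
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1     # digits outrank letters
        if x != y:
            return -1 if x < y else 1
    return 0

def evr_cmp(a, b):
    """Compare VERSION-RELEASE strings: version first, release as tie-break."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return vercmp(va, vb) or vercmp(ra, rb)

def unpatched(rpm_output, fixed=FIXED_EVR):
    """Return (name, evr) for openstack-swift packages older than the fixed build."""
    stale = []
    for line in rpm_output.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0].startswith(PREFIX):
            if evr_cmp(fields[1], fixed) < 0:
                stale.append((fields[0], fields[1]))
    return stale

if __name__ == "__main__":
    for name, evr in unpatched(SAMPLE):
        print(f"{name} {evr} is older than {FIXED_EVR}")
```
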
1298905 – CVE-2016-0738 openstack-swift: Proxy to server DoS through Large Objects
1298924 – CVE-2016-0737 openstack-swift: Client to proxy DoS through Large Objects

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from: