Launchpad.net

CVE 2016-0737

OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

Related bugs and status

CVE-2016-0737 (Candidate) is related to these bugs:

Bug #1466549: [OSSA 2016-004] Download DLO objects leak connections when client kill connection (CVE-2016-0737)

Summary				In	Importance	Status
	1466549	[OSSA 2016-004] Download DLO objects leak connections when client kill connection (CVE-2016-0737)		OpenStack Object Storage (swift)	Undecided	Fix Released
	1466549	[OSSA 2016-004] Download DLO objects leak connections when client kill connection (CVE-2016-0737)		OpenStack Security Advisory	Undecided	Fix Released

Bug #1493303: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)

		In	Importance	Status
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	Ubuntu Cloud Archive	High	Invalid
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	OpenStack Object Storage (swift)	Critical	Fix Released
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	swift (Ubuntu)	High	Fix Released
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	OpenStack Security Advisory	Undecided	Fix Released
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	swift (Ubuntu Wily)	Undecided	Won't Fix
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	swift (Ubuntu Yakkety)	High	Fix Released
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	swift (Ubuntu Trusty)	High	Fix Released
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	swift (Ubuntu Xenial)	Undecided	Fix Released
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	Ubuntu Cloud Archive kilo	Undecided	Won't Fix
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	Ubuntu Cloud Archive mitaka	Undecided	Fix Released
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	Ubuntu Cloud Archive icehouse	Undecided	Won't Fix
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	Ubuntu Cloud Archive liberty	Undecided	Won't Fix

Bug #1542145: [OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)

		In	Importance	Status
1542145	[OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)	Mirantis OpenStack	High	Fix Released
1542145	[OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)	Mirantis OpenStack 5.1.x	High	Invalid
1542145	[OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)	Mirantis OpenStack 7.0.x	High	Fix Released
1542145	[OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)	Mirantis OpenStack 6.1.x	High	Invalid
1542145	[OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)	Mirantis OpenStack 8.0.x	High	Fix Released
1542145	[OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)	Mirantis OpenStack 6.0.x	High	Invalid
1542145	[OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)	Mirantis OpenStack 9.x	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-0737

Related bugs and status

Related bugs

References