Launchpad.net

CVE 2016-0738

OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

Related bugs and status

CVE-2016-0738 (Candidate) is related to these bugs:

Bug #1177924: Use testr instead of nose as the unittest runner.

		In	Importance	Status
1177924	Use testr instead of nose as the unittest runner.	Ceilometer	Undecided	Fix Released
1177924	Use testr instead of nose as the unittest runner.	Cinder	Medium	Fix Released
1177924	Use testr instead of nose as the unittest runner.	Glance	Undecided	Fix Released
1177924	Use testr instead of nose as the unittest runner.	OpenStack Dashboard (Horizon)	Wishlist	Won't Fix
1177924	Use testr instead of nose as the unittest runner.	OpenStack Identity (keystone)	Wishlist	Fix Released
1177924	Use testr instead of nose as the unittest runner.	OpenStack DBaaS (Trove)	Low	Triaged
1177924	Use testr instead of nose as the unittest runner.	OpenStack Object Storage (swift)	Wishlist	Fix Released
1177924	Use testr instead of nose as the unittest runner.	python-cinderclient	Medium	Fix Released
1177924	Use testr instead of nose as the unittest runner.	python-ceilometerclient	Undecided	Fix Released
1177924	Use testr instead of nose as the unittest runner.	python-heatclient	Medium	Fix Released
1177924	Use testr instead of nose as the unittest runner.	python-keystoneclient	Wishlist	Fix Released
1177924	Use testr instead of nose as the unittest runner.	django-openstack-auth	Wishlist	Won't Fix
1177924	Use testr instead of nose as the unittest runner.	manila-ui	Wishlist	Won't Fix

Bug #1409302: Use of GreenAsyncPile can lose txn_id logging

Summary				In	Importance	Status
	1409302	Use of GreenAsyncPile can lose txn_id logging		OpenStack Object Storage (swift)	Medium	In Progress

Bug #1419901: container-sync checks invalid ClientException

Summary				In	Importance	Status
	1419901	container-sync checks invalid ClientException		OpenStack Object Storage (swift)	Critical	Fix Released

Bug #1466549: [OSSA 2016-004] Download DLO objects leak connections when client kill connection (CVE-2016-0737)

Summary				In	Importance	Status
	1466549	[OSSA 2016-004] Download DLO objects leak connections when client kill connection (CVE-2016-0737)		OpenStack Object Storage (swift)	Undecided	Fix Released
	1466549	[OSSA 2016-004] Download DLO objects leak connections when client kill connection (CVE-2016-0737)		OpenStack Security Advisory	Undecided	Fix Released

Bug #1476623: Excessive resource consumption looking for containers to sync

Summary				In	Importance	Status
	1476623	Excessive resource consumption looking for containers to sync		OpenStack Object Storage (swift)	Undecided	Fix Released

Bug #1488704: FakeRing does fake get_part anymore

Summary				In	Importance	Status
	1488704	FakeRing does fake get_part anymore		OpenStack Object Storage (swift)	Low	Fix Released

Bug #1493303: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)

		In	Importance	Status
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	Ubuntu Cloud Archive	High	Invalid
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	OpenStack Object Storage (swift)	Critical	Fix Released
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	swift (Ubuntu)	High	Fix Released
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	OpenStack Security Advisory	Undecided	Fix Released
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	swift (Ubuntu Wily)	Undecided	Won't Fix
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	swift (Ubuntu Yakkety)	High	Fix Released
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	swift (Ubuntu Trusty)	High	Fix Released
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	swift (Ubuntu Xenial)	Undecided	Fix Released
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	Ubuntu Cloud Archive kilo	Undecided	Won't Fix
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	Ubuntu Cloud Archive mitaka	Undecided	Fix Released
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	Ubuntu Cloud Archive icehouse	Undecided	Won't Fix
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	Ubuntu Cloud Archive liberty	Undecided	Won't Fix

Bug #1526017: expose time remaining in min_part_hours

Summary				In	Importance	Status
	1526017	expose time remaining in min_part_hours		OpenStack Object Storage (swift)	Wishlist	Fix Released

Bug #1526575: *LO subrequests don't pass on the referer or req.acl on

Summary				In	Importance	Status
	1526575	*LO subrequests don't pass on the referer or req.acl on		OpenStack Object Storage (swift)	Medium	Fix Released

Bug #1526588: Reconciler unit test fails in non-UTC time zone

Summary				In	Importance	Status
	1526588	Reconciler unit test fails in non-UTC time zone		OpenStack Object Storage (swift)	Undecided	Fix Released

Bug #1526697: Typo in Deployment Guide

Summary				In	Importance	Status
	1526697	Typo in Deployment Guide		OpenStack Object Storage (swift)	Undecided	Fix Released

Bug #1526725: tox -e func -- --until-failure does not work

Summary				In	Importance	Status
	1526725	tox -e func -- --until-failure does not work		OpenStack Object Storage (swift)	Undecided	Fix Released

Bug #1528189: auth_prefix option in tempauth middleware does not work

Summary				In	Importance	Status
	1528189	auth_prefix option in tempauth middleware does not work		OpenStack Object Storage (swift)	Undecided	Fix Released

Bug #1529321: AttributeError: 'LogAdapter' object has no attribute 'warn'

Summary				In	Importance	Status
	1529321	AttributeError: 'LogAdapter' object has no attribute 'warn'		OpenStack Object Storage (swift)	Undecided	Fix Released

Bug #1529836: Fix deprecated library function (os.popen()).

		In	Importance	Status
1529836	Fix deprecated library function (os.popen()).	tempest	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	OpenStack Dashboard (Horizon)	Low	Fix Released
1529836	Fix deprecated library function (os.popen()).	neutron	Low	Fix Released
1529836	Fix deprecated library function (os.popen()).	OpenStack Compute (nova)	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	OpenStack Object Storage (swift)	Undecided	In Progress
1529836	Fix deprecated library function (os.popen()).	OpenStack Shared File Systems Service (Manila)	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	Cinder	Low	Fix Released
1529836	Fix deprecated library function (os.popen()).	OpenStack Identity (keystone)	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	python-keystoneclient	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	Ceilometer	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	Murano	Wishlist	Fix Released
1529836	Fix deprecated library function (os.popen()).	senlin	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	Sahara	Low	Fix Released
1529836	Fix deprecated library function (os.popen()).	Python client library for Zaqar	Undecided	In Progress
1529836	Fix deprecated library function (os.popen()).	OpenStack Heat	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	keystoneauth	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	keystonemiddleware	Low	Fix Released
1529836	Fix deprecated library function (os.popen()).	congress	Low	In Progress
1529836	Fix deprecated library function (os.popen()).	nova-powervm	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	Kwapi	Undecided	In Progress
1529836	Fix deprecated library function (os.popen()).	python-heatclient	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	glance_store	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	networking-powervm	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	horizon-cisco-ui	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	ceilometer-powervm	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	bilean	Undecided	In Progress
1529836	Fix deprecated library function (os.popen()).	Blazar	Wishlist	Fix Released
1529836	Fix deprecated library function (os.popen()).	group-based-policy-specs	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	Zaqar-ui	Undecided	Fix Released

Bug #1531173: write_affinity stores only replica counts in local region. The write_affinity_node_count has no effect

Summary				In	Importance	Status
	1531173	write_affinity stores only replica counts in local region. The write_affinity_node_count has no effect		OpenStack Object Storage (swift)	Undecided	Fix Released

Bug #1532126: PUT X-Copy-From with Range violates RFC7233

Summary				In	Importance	Status
	1532126	PUT X-Copy-From with Range violates RFC7233		OpenStack Object Storage (swift)	Low	Fix Released

Bug #1532276: ring device holes not reused

Summary				In	Importance	Status
	1532276	ring device holes not reused		OpenStack Object Storage (swift)	Undecided	Fix Released

Bug #1532471: invalid x-timestamp causes 500

Summary				In	Importance	Status
	1532471	invalid x-timestamp causes 500		OpenStack Object Storage (swift)	Undecided	Fix Released

Bug #1533002: object-auditor skips EC fragments

Summary				In	Importance	Status
	1533002	object-auditor skips EC fragments		OpenStack Object Storage (swift)	Critical	Fix Released

Bug #1533768: inconsistent types returned for metadata

Summary				In	Importance	Status
	1533768	inconsistent types returned for metadata		OpenStack Object Storage (swift)	High	Fix Released

Bug #1534276: inconsistent suffix hashes after ssync replication of a tombstone

Summary				In	Importance	Status
	1534276	inconsistent suffix hashes after ssync replication of a tombstone		OpenStack Object Storage (swift)	Undecided	Fix Released

Bug #1534303: Slowdown on PUT with write-affinity on and zero-weight zone

Summary				In	Importance	Status
	1534303	Slowdown on PUT with write-affinity on and zero-weight zone		OpenStack Object Storage (swift)	Medium	Fix Released

Bug #1534325: remove jerasure from swift docs

Summary				In	Importance	Status
	1534325	remove jerasure from swift docs		OpenStack Object Storage (swift)	Wishlist	Fix Released

Bug #1536037: fast-post broken with object mem server

Summary				In	Importance	Status
	1536037	fast-post broken with object mem server		OpenStack Object Storage (swift)	Undecided	Fix Released

Bug #1536067: Duplicated code

Summary				In	Importance	Status
	1536067	Duplicated code		OpenStack Object Storage (swift)	Undecided	Fix Released

Bug #1537042: versioned_writes middleware is mis-placed in proxy pipeline

Summary				In	Importance	Status
	1537042	versioned_writes middleware is mis-placed in proxy pipeline		OpenStack Object Storage (swift)	Undecided	Fix Released

Bug #1538834: max_large_object_get_time is not used

Summary				In	Importance	Status
	1538834	max_large_object_get_time is not used		OpenStack Object Storage (swift)	Low	Fix Released

Bug #1540884: Object copied by container-sync may have older timestamp than source

Summary				In	Importance	Status
	1540884	Object copied by container-sync may have older timestamp than source		OpenStack Object Storage (swift)	High	Fix Released

Bug #1541491: recon not contacting all hosts when using storage policies

Summary				In	Importance	Status
	1541491	recon not contacting all hosts when using storage policies		OpenStack Object Storage (swift)	Undecided	Fix Released

Bug #1542145: [OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)

		In	Importance	Status
1542145	[OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)	Mirantis OpenStack	High	Fix Released
1542145	[OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)	Mirantis OpenStack 5.1.x	High	Invalid
1542145	[OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)	Mirantis OpenStack 7.0.x	High	Fix Released
1542145	[OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)	Mirantis OpenStack 6.1.x	High	Invalid
1542145	[OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)	Mirantis OpenStack 8.0.x	High	Fix Released
1542145	[OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)	Mirantis OpenStack 6.0.x	High	Invalid
1542145	[OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)	Mirantis OpenStack 9.x	High	Fix Released

Bug #1542168: EC: Accept-Range missing in EC GET response

Summary				In	Importance	Status
	1542168	EC: Accept-Range missing in EC GET response		OpenStack Object Storage (swift)	Low	Fix Released

Bug #1542227: docs and sample config wrongly suggest that default log_statsd_host is localhost

Summary				In	Importance	Status
	1542227	docs and sample config wrongly suggest that default log_statsd_host is localhost		OpenStack Object Storage (swift)	Low	Fix Released

Bug #1546865: older PUT than tombstone creates .data file

Summary				In	Importance	Status
	1546865	older PUT than tombstone creates .data file		OpenStack Object Storage (swift)	Undecided	Fix Released

Bug #1550067: test_object_delete_at_aysnc_update is misnamed.

Summary				In	Importance	Status
	1550067	test_object_delete_at_aysnc_update is misnamed.		OpenStack Object Storage (swift)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-0738

Related bugs and status

Related bugs

References