Launchpad.net

CVE 2016-0738

OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

Related bugs and status

CVE-2016-0738 (Candidate) is related to these bugs:

Bug #1177924: Use testr instead of nose as the unittest runner.

		In	Importance	Status
1177924	Use testr instead of nose as the unittest runner.	Ceilometer	Undecided	Fix Released
1177924	Use testr instead of nose as the unittest runner.	Cinder	Medium	Fix Released
1177924	Use testr instead of nose as the unittest runner.	Glance	Undecided	Fix Released
1177924	Use testr instead of nose as the unittest runner.	OpenStack Dashboard (Horizon)	Wishlist	Won't Fix
1177924	Use testr instead of nose as the unittest runner.	OpenStack Identity (keystone)	Wishlist	Fix Released
1177924	Use testr instead of nose as the unittest runner.	OpenStack DBaaS (Trove)	Low	Triaged
1177924	Use testr instead of nose as the unittest runner.	OpenStack Object Storage (swift)	Wishlist	Fix Released
1177924	Use testr instead of nose as the unittest runner.	python-cinderclient	Medium	Fix Released
1177924	Use testr instead of nose as the unittest runner.	python-ceilometerclient	Undecided	Fix Released
1177924	Use testr instead of nose as the unittest runner.	python-heatclient	Medium	Fix Released
1177924	Use testr instead of nose as the unittest runner.	python-keystoneclient	Wishlist	Fix Released
1177924	Use testr instead of nose as the unittest runner.	django-openstack-auth	Wishlist	Won't Fix
1177924	Use testr instead of nose as the unittest runner.	manila-ui	Wishlist	Won't Fix

Bug #1466549: [OSSA 2016-004] Download DLO objects leak connections when client kill connection (CVE-2016-0737)

Summary				In	Importance	Status
	1466549	[OSSA 2016-004] Download DLO objects leak connections when client kill connection (CVE-2016-0737)		OpenStack Object Storage (swift)	Undecided	Fix Released
	1466549	[OSSA 2016-004] Download DLO objects leak connections when client kill connection (CVE-2016-0737)		OpenStack Security Advisory	Undecided	Fix Released

Bug #1493303: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)

		In	Importance	Status
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	Ubuntu Cloud Archive	High	Invalid
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	OpenStack Object Storage (swift)	Critical	Fix Released
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	swift (Ubuntu)	High	Fix Released
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	OpenStack Security Advisory	Undecided	Fix Released
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	swift (Ubuntu Wily)	Undecided	Won't Fix
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	swift (Ubuntu Yakkety)	High	Fix Released
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	swift (Ubuntu Trusty)	High	Fix Released
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	swift (Ubuntu Xenial)	Undecided	Fix Released
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	Ubuntu Cloud Archive kilo	Undecided	Won't Fix
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	Ubuntu Cloud Archive mitaka	Undecided	Fix Released
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	Ubuntu Cloud Archive icehouse	Undecided	Won't Fix
1493303	[OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)	Ubuntu Cloud Archive liberty	Undecided	Won't Fix

Bug #1529836: Fix deprecated library function (os.popen()).

		In	Importance	Status
1529836	Fix deprecated library function (os.popen()).	tempest	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	OpenStack Dashboard (Horizon)	Low	Fix Released
1529836	Fix deprecated library function (os.popen()).	neutron	Low	Fix Released
1529836	Fix deprecated library function (os.popen()).	OpenStack Compute (nova)	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	OpenStack Object Storage (swift)	Undecided	In Progress
1529836	Fix deprecated library function (os.popen()).	OpenStack Shared File Systems Service (Manila)	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	Cinder	Low	Fix Released
1529836	Fix deprecated library function (os.popen()).	OpenStack Identity (keystone)	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	python-keystoneclient	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	Ceilometer	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	Murano	Wishlist	Fix Released
1529836	Fix deprecated library function (os.popen()).	senlin	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	Sahara	Low	Fix Released
1529836	Fix deprecated library function (os.popen()).	Python client library for Zaqar	Undecided	In Progress
1529836	Fix deprecated library function (os.popen()).	OpenStack Heat	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	keystoneauth	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	keystonemiddleware	Low	Fix Released
1529836	Fix deprecated library function (os.popen()).	congress	Low	In Progress
1529836	Fix deprecated library function (os.popen()).	nova-powervm	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	Kwapi	Undecided	In Progress
1529836	Fix deprecated library function (os.popen()).	python-heatclient	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	glance_store	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	networking-powervm	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	horizon-cisco-ui	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	ceilometer-powervm	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	bilean	Undecided	In Progress
1529836	Fix deprecated library function (os.popen()).	Blazar	Wishlist	Fix Released
1529836	Fix deprecated library function (os.popen()).	group-based-policy-specs	Undecided	Fix Released
1529836	Fix deprecated library function (os.popen()).	Zaqar-ui	Undecided	Fix Released

Bug #1542145: [OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)

		In	Importance	Status
1542145	[OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)	Mirantis OpenStack	High	Fix Released
1542145	[OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)	Mirantis OpenStack 5.1.x	High	Invalid
1542145	[OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)	Mirantis OpenStack 7.0.x	High	Fix Released
1542145	[OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)	Mirantis OpenStack 6.1.x	High	Invalid
1542145	[OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)	Mirantis OpenStack 8.0.x	High	Fix Released
1542145	[OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)	Mirantis OpenStack 6.0.x	High	Invalid
1542145	[OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738)	Mirantis OpenStack 9.x	High	Fix Released

See the

CVE page on cve.org for more details.

Launchpad.net

CVE 2016-0738

Related bugs and status

Related bugs

References