group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #07388
[Bug 1493303] Re: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)
** Changed in: cloud-archive
Status: New => Invalid
** Changed in: swift (Ubuntu Wily)
Status: Triaged => Won't Fix
** Changed in: swift (Ubuntu Trusty)
Status: Triaged => Won't Fix
** Changed in: swift (Ubuntu Trusty)
Status: Won't Fix => New
** Changed in: swift (Ubuntu Trusty)
Importance: Undecided => High
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1493303
Title:
[OSSA 2016-004] Swift proxy memory leak on unfinished read
(CVE-2016-0738)
Status in Ubuntu Cloud Archive:
Invalid
Status in Ubuntu Cloud Archive icehouse series:
Triaged
Status in Ubuntu Cloud Archive kilo series:
Triaged
Status in Ubuntu Cloud Archive liberty series:
Triaged
Status in Ubuntu Cloud Archive mitaka series:
Fix Released
Status in OpenStack Security Advisory:
Fix Released
Status in OpenStack Object Storage (swift):
Fix Released
Status in swift package in Ubuntu:
Fix Released
Status in swift source package in Trusty:
New
Status in swift source package in Wily:
Won't Fix
Status in swift source package in Xenial:
Fix Released
Status in swift source package in Yakkety:
Fix Released
Bug description:
It looks like the Swift proxy will leak memory if the connection is
closed and the full response is not read. This opens for a potential
DoS attacks.
Reproduce:
$ swift -A http://localhost:8888/auth/v1.0 -U .. -K .. upload --use-slo --segment-size 1048576 <container> <big-file>
$ curl -H'X-Auth-Token: AUTH_...' "http://localhost:8888/v1/AUTH_../<container>/<big-file>" -m 0.001 > /dev/null
Repeat the curl command a couple of times and you will have more
information in netstat and sockstat. The important part is the -m
which sets the max time curl spends at downloading. After that point,
it'll close the connection.
$ sudo netstat -ant -p | grep :6000
$ cat /proc/net/sockstat
tcp 0 0 127.0.0.1:6000 0.0.0.0:* LISTEN 1358/python
tcp 0 43221 127.0.0.1:6000 127.0.0.1:48350 FIN_WAIT1 -
tcp 0 43221 127.0.0.1:6000 127.0.0.1:48882 FIN_WAIT1 -
tcp 939820 0 127.0.0.1:48350 127.0.0.1:6000 ESTABLISHED 17897/python
tcp 939820 0 127.0.0.1:48882 127.0.0.1:6000 ESTABLISHED 17890/python
tcp 983041 0 127.0.0.1:48191 127.0.0.1:6000 CLOSE_WAIT 17897/python
tcp 983041 0 127.0.0.1:48948 127.0.0.1:6000 CLOSE_WAIT 17892/python
Restarting the proxy frees up the lingering memory.
This problem did not exist in 2.2.0.
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: swift 2.2.2-0ubuntu1~cloud0 [origin: Canonical]
ProcVersionSignature: Ubuntu 3.16.0-48.64~14.04.1-generic 3.16.7-ckt15
Uname: Linux 3.16.0-48-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.12
Architecture: amd64
CrashDB:
{
"impl": "launchpad",
"project": "cloud-archive",
"bug_pattern_url": "http://people.canonical.com/~ubuntu-archive/bugpatterns/bugpatterns.xml",
}
Date: Tue Sep 8 09:55:05 2015
InstallationDate: Installed on 2015-06-22 (77 days ago)
InstallationMedia: Ubuntu-Server 14.04.2 LTS "Trusty Tahr" - Release amd64 (20150218.1)
PackageArchitecture: all
SourcePackage: swift
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1493303/+subscriptions