group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1493303] Re: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Eduardo Barretto <1493303@xxxxxxxxxxxxxxxxxx>
Date: Mon, 06 Jul 2020 20:07:06 -0000
Reply-to: Bug 1493303 <1493303@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package swift - 1.13.1-0ubuntu1.5

---------------
swift (1.13.1-0ubuntu1.5) trusty-security; urgency=medium

  [ Jamie Strandboge ]
  * SECURITY UPDATE: disallow unsafe tempurl operations to point to
    unauthorized data
    - debian/patches/CVE-2015-5223.patch: disallow creation of DLO object
      manifests if non-safe tempurl request includes X-Object-Manifest header
    - CVE-2015-5223
    - LP: #1453948

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DoS via incorrectly closed client connections
    - debian/patches/CVE-2016-0737.patch: get better at closing WSGI
      iterables in swift/common/middleware/dlo.py,
      swift/common/middleware/slo.py, swift/common/request_helpers.py,
      swift/common/swob.py, swift/common/utils.py,
      test/unit/common/middleware/helpers.py,
      test/unit/common/middleware/test_dlo.py,
      test/unit/common/middleware/test_slo.py.
    - CVE-2016-0737
  * SECURITY UPDATE: DoS via incorrectly closed server connections
    - debian/patches/CVE-2016-0738.patch: fix memory/socket leak in proxy
      on truncated SLO/DLO GET in swift/common/request_helpers.py,
      test/unit/common/middleware/test_slo.py.
    - CVE-2016-0738
  * Thanks to Red Hat for the patch backports!
  * debian/patches/fix-ubuntu-tests.patch: disable another test that no
    longer works on buildds.

 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Tue, 12 Sep 2017
07:36:43 -0400

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5223

** Changed in: swift (Ubuntu Trusty)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1493303

Title:
  [OSSA 2016-004] Swift proxy memory leak on unfinished read
  (CVE-2016-0738)

Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive icehouse series:
  Triaged
Status in Ubuntu Cloud Archive kilo series:
  Triaged
Status in Ubuntu Cloud Archive liberty series:
  Triaged
Status in Ubuntu Cloud Archive mitaka series:
  Fix Released
Status in OpenStack Security Advisory:
  Fix Released
Status in OpenStack Object Storage (swift):
  Fix Released
Status in swift package in Ubuntu:
  Fix Released
Status in swift source package in Trusty:
  Fix Released
Status in swift source package in Wily:
  Won't Fix
Status in swift source package in Xenial:
  Fix Released
Status in swift source package in Yakkety:
  Fix Released

Bug description:
  It looks like the Swift proxy will leak memory if the connection is
  closed and the full response is not read. This opens for a potential
  DoS attacks.

  Reproduce:

  $ swift -A http://localhost:8888/auth/v1.0 -U .. -K .. upload --use-slo --segment-size 1048576 <container> <big-file>
  $ curl -H'X-Auth-Token: AUTH_...' "http://localhost:8888/v1/AUTH_../<container>/<big-file>" -m 0.001 > /dev/null

  Repeat the curl command a couple of times and you will have more
  information in netstat and sockstat. The important part is the -m
  which sets the max time curl spends at downloading. After that point,
  it'll close the connection.

  $ sudo netstat -ant -p | grep :6000
  $ cat /proc/net/sockstat

  tcp        0      0 127.0.0.1:6000          0.0.0.0:*               LISTEN      1358/python
  tcp        0  43221 127.0.0.1:6000          127.0.0.1:48350         FIN_WAIT1   -
  tcp        0  43221 127.0.0.1:6000          127.0.0.1:48882         FIN_WAIT1   -
  tcp   939820      0 127.0.0.1:48350         127.0.0.1:6000          ESTABLISHED 17897/python
  tcp   939820      0 127.0.0.1:48882         127.0.0.1:6000          ESTABLISHED 17890/python
  tcp   983041      0 127.0.0.1:48191         127.0.0.1:6000          CLOSE_WAIT  17897/python
  tcp   983041      0 127.0.0.1:48948         127.0.0.1:6000          CLOSE_WAIT  17892/python

  Restarting the proxy frees up the lingering memory.

  This problem did not exist in 2.2.0.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: swift 2.2.2-0ubuntu1~cloud0 [origin: Canonical]
  ProcVersionSignature: Ubuntu 3.16.0-48.64~14.04.1-generic 3.16.7-ckt15
  Uname: Linux 3.16.0-48-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.12
  Architecture: amd64
  CrashDB:
   {
                  "impl": "launchpad",
                  "project": "cloud-archive",
                  "bug_pattern_url": "http://people.canonical.com/~ubuntu-archive/bugpatterns/bugpatterns.xml";,
               }
  Date: Tue Sep  8 09:55:05 2015
  InstallationDate: Installed on 2015-06-22 (77 days ago)
  InstallationMedia: Ubuntu-Server 14.04.2 LTS "Trusty Tahr" - Release amd64 (20150218.1)
  PackageArchitecture: all
  SourcePackage: swift
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1493303/+subscriptions