[SECURITY] Fedora 17 Update: openstack-swift-1.4.8-3.fc17

updates at fedoraproject.org updates at fedoraproject.org
Thu Oct 18 00:31:49 UTC 2012


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-15642
2012-10-08 21:16:03
--------------------------------------------------------------------------------

Name        : openstack-swift
Product     : Fedora 17
Version     : 1.4.8
Release     : 3.fc17
URL         : http://launchpad.net/swift
Summary     : OpenStack Object Storage (swift)
Description :
OpenStack Object Storage (swift) aggregates commodity servers to work together
in clusters for reliable, redundant, and large-scale storage of static objects.
Objects are written to multiple hardware devices in the data center, with the
OpenStack software responsible for ensuring data replication and integrity
across the cluster. Storage clusters can scale horizontally by adding new nodes,
which are automatically configured. Should a node fail, OpenStack works to
replicate its content from other active nodes. Because OpenStack uses software
logic to ensure data replication and distribution across different devices,
inexpensive commodity hard drives and servers can be used in lieu of more
expensive equipment.

--------------------------------------------------------------------------------
Update Information:

Do not use pickle for serialization in memcache (CVE-2012-4406)

--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 27 2012 Derek Higgins <derekh at redhat.com> - 1.4.8-3
- Do not use pickle for serialization in memcache (CVE-2012-4406)
- include bugfixes from f16 (rhbz#810392 rhbz#807172 rhbz#809393)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #854761 - CVE-2012-4406 Openstack-Swift: insecure use of python pickle() [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=854761
  [ 2 ] Bug #807172 - Addition to openstack-swift packaging (man pages)
        https://bugzilla.redhat.com/show_bug.cgi?id=807172
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update openstack-swift' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list