CVE-2013-6396
Publication date 18 February 2014
Last updated 24 July 2024
Ubuntu priority
The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Status
Package | Ubuntu Release | Status |
---|---|---|
python-swiftclient | 14.04 LTS trusty | Not in release |
Notes
mdeslaur
OSSA 2014-005
jdstrand
certificate verification checks are completely missing. Patch is intrusive and may not be applied to 13.10. Patch adds an --insecure option that would have to be enabled by default in the security update so as not to break production systems. Depending on upstream's decision, Ubuntu may only fix 14.04.
mdeslaur
fixed in 2.0
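
The flaw described above and the `--insecure` option mentioned in the notes, sketched as an added example (not python-swiftclient's code): an HTTPS client whose TLS context verifies the server certificate and hostname by default and only skips verification when explicitly asked. The program name `example-client`, the `--cacert` flag and all function names are hypothetical; only `--insecure` comes from the page, and defaulting it to off is this example's assumption.

```python
import argparse
import ssl


def parse_args(argv):
    """Hypothetical CLI: verification stays on unless --insecure is given."""
    parser = argparse.ArgumentParser(prog="example-client")
    parser.add_argument("--insecure", action="store_true", default=False,
                        help="skip server certificate verification")
    parser.add_argument("--cacert", default=None,
                        help="PEM bundle to trust instead of the system store")
    return parser.parse_args(argv)


def build_context(insecure=False, cafile=None):
    """Return the SSLContext the client would hand to its HTTPS connection."""
    # create_default_context() enables CERT_REQUIRED and hostname checking.
    ctx = ssl.create_default_context(cafile=cafile)
    if insecure:
        # Models the unverified behaviour: any certificate is accepted.
        # check_hostname must be cleared first, or setting CERT_NONE raises
        # ValueError.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verifies_server(ctx):
    """True only if both the chain and the hostname are checked."""
    return bool(ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname)


def audit(argv):
    """Report whether a given command line yields a verifying context."""
    args = parse_args(argv)
    ctx = build_context(insecure=args.insecure, cafile=args.cacert)
    return "verified" if verifies_server(ctx) else "UNVERIFIED: spoofable"


if __name__ == "__main__":
    for argv in ([], ["--insecure"]):
        print(argv, "->", audit(argv))
```

A check like `verifies_server()` can be run in a unit test against whatever context a client actually constructs, so a regression to unverified TLS fails the build.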