Summary: | sys-cluster/cinder : LVM volume driver does not support secure deletion (CVE-2013-4183) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=994355 | ||
Whiteboard: | ~4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-08-07 11:28:54 UTC
cinder has been updated to 2013.1.3, all bad versions removed from tree, please close. I'm removing myself as I see this as closable, re-add me if you don't think so. CVE-2013-4183 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4183): The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors. |