CVE-2013-4183

Published: 07 August 2013

The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors.

Priority

Medium

Status

Package Release Status
cinder
Launchpad, Ubuntu, Debian
Upstream
Released (1:2013.1.3)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(1:2013.2~rc3-0ubuntu1)
Patches:
Upstream: https://review.openstack.org/39565 (grizzly)
Upstream: https://review.openstack.org/36506 (havana)

Notes

AuthorNote
jdstrand
per upstream, Ubuntu 12.10 is not affected
fixed in updates of Ubuntu 13.04
c6f2f78 introduced a regression and a21b0e87 also needed

References

Bugs