CVE-2013-4183
Published: 7 August 2013
The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors.
Notes
| Author | Note |
|---|---|
| jdstrand | per upstream, Ubuntu 12.10 is not affected fixed in updates of Ubuntu 13.04 c6f2f78 introduced a regression and a21b0e87 also needed |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
cinder Launchpad, Ubuntu, Debian |
upstream |
Released
(1:2013.1.3)
|
| lucid |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Not vulnerable
|
|
| raring |
Released
(1:2013.1.3-0ubuntu2.1)
|
|
| saucy |
Not vulnerable
(1:2013.2~rc3-0ubuntu1)
|
|
|
Patches: upstream: https://review.openstack.org/39565 (grizzly) upstream: https://review.openstack.org/36506 (havana) |
||