[OSSA 2013-021] Cinder LVM volume driver does not support secure deletion (CVE-2013-4183)
Bug #1198185 reported by
Rongze Zhu
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Fix Released
|
High
|
Rongze Zhu | ||
Grizzly |
Fix Released
|
High
|
Nikolay Sobolevsky | ||
OpenStack Security Advisory |
Fix Released
|
Medium
|
Jeremy Stanley |
Bug Description
the delete action process:
delete_
def clear_volume(self, volume):
vol_path = self.local_
size_in_g = volume.get('size')
size_in_m = self.configurat
if not size_in_g:
return
....
....
Because snapshot without 'size' field, so it will skip secure delete.
Related branches
CVE References
Changed in cinder: | |
assignee: | nobody → Rongze Zhu (zrzhit) |
tags: | added: drivers lvm |
Changed in ossa: | |
status: | New → Incomplete |
information type: | Public → Public Security |
Changed in ossa: | |
assignee: | nobody → Jeremy Stanley (fungi) |
Changed in cinder: | |
status: | New → Triaged |
milestone: | none → havana-2 |
Changed in cinder: | |
status: | Triaged → In Progress |
Changed in ossa: | |
status: | Confirmed → Triaged |
Changed in cinder: | |
status: | Fix Committed → Fix Released |
Changed in ossa: | |
status: | Triaged → In Progress |
summary: |
- delete_snapshot in LVMVolumeDriver not really zero the snapshot + Cinder LVM volume driver does not support secure deletion + (CVE-2013-4183) |
Changed in ossa: | |
status: | In Progress → Fix Committed |
summary: |
- Cinder LVM volume driver does not support secure deletion - (CVE-2013-4183) + [OSSA 2013-021] Cinder LVM volume driver does not support secure + deletion (CVE-2013-4183) |
Changed in ossa: | |
status: | Fix Committed → Fix Released |
Changed in cinder: | |
milestone: | havana-2 → 2013.2 |
To post a comment you must log in.
I think it definitely warrants an advisory. Feel free to correct me.