Comment 17 for bug 1198185
Revision history for this message
| Jeremy Stanley (fungi) wrote Re: delete_snapshot in LVMVolumeDriver not really zero the snapshot | #17 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
f33e652
(Get the code!)
That being the case, I think a slightly different impact description is in order:
-------
Title: Cinder LVM volume drivers do not support secure deletion
Reporter: Rongze Zhu
Products: Cinder
Affects: 2013.1 (Grizzly) and later
Description:
Rongze Zhu reported a vulnerability in Cinder LVM volume drivers.
The contents of LVM snapshots may not be cleared upon deletion even
when secure deletes are configured, resulting in potential exposure
of latent data to subsequent servers for other tenants. Only setups
using LVMVolumeDriver or ThinLVMVolumeDriver are affected.
-------
Everyone: please check that the description is accurate.
Rongze Zhu: do you want us to additionally credit the company you work for (SINA, UnitedStack, anyone)?