libcloud-notifications mailing list archives

Subject svn commit: r892272 - in /websites/staging/libcloud/trunk/content: ./ security.html
Date Tue, 31 Dec 2013 14:24:38 GMT
Author: buildbot
Date: Tue Dec 31 14:24:37 2013
New Revision: 892272

Staging update by buildbot for libcloud

    websites/staging/libcloud/trunk/content/   (props changed)

Propchange: websites/staging/libcloud/trunk/content/
--- cms:source-revision (original)
+++ cms:source-revision Tue Dec 31 14:24:37 2013
@@ -1 +1 @@

Modified: websites/staging/libcloud/trunk/content/security.html
--- websites/staging/libcloud/trunk/content/security.html (original)
+++ websites/staging/libcloud/trunk/content/security.html Tue Dec 31 14:24:37 2013
@@ -104,6 +104,25 @@
     <div id="main" class="span-16 last">
       <h2 id="libcloud-vulnerabilities">Libcloud Vulnerabilities</h2>
+<h3 id="cve-2013-6480-libcloud-doesnt-send-scrub_data-query-parameter-when-destroying-a-digitalocean-node">[CVE-2013-6480]
Libcloud doesn't send scrub_data query parameter when destroying a DigitalOcean node</h3>
+<p><strong>Severity</strong>: Low<br />
+<strong>Affected Versions</strong>: Apache Libcloud <strong>0.12.3</strong>
to <strong>0.13.3</strong> (version prior
+to 0.12.3 don't include a DigitalOcean driver)<br />
+<p>DigitalOcean recently changed the default API behavior from scrub to non-scrub
+when destroying a VM.</p>
+<p>Libcloud doesn't explicitly send "scrub_data" query parameter when destroying a
+node. This means nodes which are destroyed using Libcloud are vulnerable to
+later customers stealing data contained on them.</p>
+<p>Note: Only users who are using DigitalOcean driver are affected by this issue.</p>
+<li><a href=""
+<li><a href="" rel="nofollow"></a></li>
+<p>This vulnerability has been fixed in version 0.13.3. Users who use DigitalOcean
+driver are strongly encouraged to upgrade to this release.</p>
 <h3 id="cve-2012-3446-possible-ssl-mitm-due-to-invalid-regular-expression-used-to-validate-the-target-server-hostname">[CVE-2012-3446]
Possible SSL MITM due to invalid regular expression used to validate the target server hostname</h3>
 <p><strong>Severity</strong>: Medium</p>
 <p><strong>Versions Affected</strong>:</p>
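Review bot: The "Affected Versions" line of the new CVE-2013-6480 entry gives the range as 0.12.3 to 0.13.3, while the entry's closing paragraph says the issue "has been fixed in version 0.13.3", so the fixed release is listed as affected. Either the upper bound should be the last release before the fix, or the fix statement should name the release that actually carries it. In the same entry, the paragraph opened at the Severity line ends in a br tag and is never closed before the next paragraph starts. The two li reference items have empty href values, no link text and no enclosing list, and the first anchor tag is not terminated, so the advisory links readers need are missing. "version prior to 0.12.3" should also read "versions prior".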
