Red Hat Bugzilla – Bug 1047867
CVE-2013-6480 python-libcloud: doesn't send scrub_data query parameter when destroying a DigitalOcean node
Last modified: 2015-08-22 02:36:03 EDT
DigitalOcean recently changed the default API behavior from scrub to non-scrub when destroying a VM.
Libcloud doesn't explicitly send "scrub_data" query parameter when destroying a node. This means nodes which are destroyed using Libcloud are vulnerable to later customers stealing data contained on them. Only users who are using DigitalOcean driver are known to be affected by this issue.
The issue is said to be fixed in the version 0.13.3.
Created python-libcloud tracking bugs for this issue:
Affects: fedora-all [bug 1047868]
python-libcloud-0.13.3-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
python-libcloud-0.13.3-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
python-libcloud-0.13.3-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.