A flaw was found in the way the Virtual Desktop Server Manager (VDSM) handled the removal of a virtual machine's (VM) data back end (such as an image or a volume). When removing an image or a volume, it was not securely deleted from its corresponding data domain as expected. A guest user in a new, raw VM, created in a data domain that has had VMs deleted from it, could use this flaw to read limited data from those deleted VMs, potentially disclosing sensitive information.
This issue has been addressed in following products: Red Hat Enterprise Virtualization for RHEL-5 Via RHSA-2010:0473 https://rhn.redhat.com/errata/RHSA-2010-0473.html
removing embargo.
This issue has been addressed in following products: Red Hat Enterprise Virtualization for RHEL-5 Via RHSA-2010:0476 https://rhn.redhat.com/errata/RHSA-2010-0476.html
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Previously, the ISO image domain could not be shared with multiple Data Centers. The user had to define an independent ISO domain for each Data Center. With this update, the ISO image domain can be shared between multiple Data Centers.