Ubuntu Cloud Archive

  1. Bug #2059809
  2. Comment #206

Comment 206 for bug 2059809

Revision history for this message
Felix Huettner (felix.huettner) wrote : Re: Arbitrary file access through QCOW2 external data file (CVE-2024-32498)

I just ran a full tempest run with an environment based on zed and the following patches applied:

* cinder with "cinder-2059809-unified-unmaintained-zed-v2.txt"
* glance with "Glance unified patch for 2023.1" backported to zed without modifications
* nova with "Nova unified patch for 2023.1" and "nova-2023.1-2059809-additional.patch" backported to zed without modifications

Relevant drivers where:
* cinder backup: cinder.backup.drivers.nfs.NFSBackupDriver
* cinder volume: cinder.volume.drivers.netapp.common.NetAppDriver
* glance: s3

Tempest for glance, cinder and nova looks good without any errors introduced by these patches.
Also i could not find any way to exploit this vulnerability anymore.

This combination of patches therefor looks good to me, thanks everyone for all your effort