Ubuntu Cloud Archive

  1. Bug #2059809
  2. Comment #239

Comment 239 for bug 2059809

Revision history for this message
Felix Huettner (felix.huettner) wrote : Re: Arbitrary file access through QCOW2 external data file (CVE-2024-32498)

Thanks Dan and Brian for all the patches.

I backported #235, #230 and #217 to zed and tested them with tempest.

There where no failures in these tests with the following setup:
* cinder backup: cinder.backup.drivers.nfs.NFSBackupDriver
* cinder volume: cinder.volume.drivers.netapp.common.NetAppDriver (ontap_cluster, nfs)
* glance: s3

Also i could not reproduce any of the exploits.

Thanks again everyone for all of the work