Comment 240 for bug 2059809
Revision history for this message
| Arnaud Morin (arnaud-morin) wrote Re: Arbitrary file access through QCOW2 external data file (CVE-2024-32498) | #240 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
I tested the unified nova patch on bobcat, I am afraid we reintroduced that bug:
CVE-2022-47951 https:/
I created a monolithicFlat VMDK image, uploaded it as raw (default behavior when using openstack image create).
Nova compute calls fetch_to_raw,
which is calling do_image_
which is using "raw" inspector,
returning true on safe_check(),
setting force_format="raw"
so qemu img-info will use -f raw
preventing the check_vmdk_image call to be performed
Can someone double check, maybe I did something wrong?