Ubuntu Cloud Archive

  1. Bug #2059809
  2. Comment #366

Comment 366 for bug 2059809

Revision history for this message
James Page (james-page) wrote :

This bug was fixed in the package nova - 3:27.1.0-0ubuntu1.2~cloud0
---------------

 nova (3:27.1.0-0ubuntu1.2~cloud0) jammy; urgency=medium
 .
   * SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
     (LP: #2059809)
     - debian/patches/CVE-2024-32498-1.patch: reject qcow files with
       data-file attributes.
     - debian/patches/CVE-2024-32498-2.patch: check images with
       format_inspector for safety.
     - debian/patches/CVE-2024-32498-3.patch: additional qemu safety
       checking on base images.
     - debian/patches/CVE-2024-32498-4.patch: fix vmdk_allowed_types
       checking.
     - CVE-2024-32498