Glance

Overview
Code
Bugs
Blueprints
Translations
Answers

Bug #2059809
Comment #196

Comment 196 for bug 2059809

Revision history for this message

Dan Smith (danms) wrote on 2024-06-26: Re: Arbitrary file access through QCOW2 external data file (CVE-2024-32498)

#196

Heads up for Zigo and any other maintainers of older releases, oslo_utils does not support the "format specific" qemu img data prior to zed with this patch:

https://github.com/openstack/oslo.utils/commit/2180db82b605cf84902ee379fffc0b34e17e92c7

Thus if you're backporting earlier than that, you will need to either snip out the QemuImgInfo format_specfic checks, or get an oslo_utils that has that ^ patch in it.

The format_inspector stuff doesn't rely on anything external, so it will continue to work. Thus you can just snip out the QemuImgInfo.format_specific usages in the patch as the easiest solution if updating oslo_utils is less favorable.