This bug was fixed in the package nova - 3:25.2.1-0ubuntu2.3~cloud0
---------------
nova (3:25.2.1-0ubuntu2.3~cloud0) focal; urgency=medium
.
* SECURITY UPDATE for Ubuntu Cloud Archive. backport to focal.
.
nova (3:25.2.1-0ubuntu2.3) jammy-security; urgency=medium
.
* SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
(LP: #2059809)
- debian/patches/CVE-2024-32498-pre1.patch: consolidate create_cow_image and create_image.
- debian/patches/CVE-2024-32498-1.patch: reject qcow files with
data-file attributes.
- debian/patches/CVE-2024-32498-2.patch: check images with format_inspector for safety.
- debian/patches/CVE-2024-32498-3.patch: additional qemu safety
checking on base images.
- debian/patches/CVE-2024-32498-4.patch: fix vmdk_allowed_types
checking.
- CVE-2024-32498
.
nova (3:25.2.1-0ubuntu2) jammy; urgency=medium
.
* d/p/libvirt-remove-default-cputune-shares-value.patch:
Enable launch of instances with more than 9 CPUs on Jammy
(LP: #1978489).
.
nova (3:25.2.1-0ubuntu1) jammy; urgency=medium
.
* New stable point release for OpenStack Yoga (LP: #2037332).
.
nova (3:25.2.0-0ubuntu1) jammy; urgency=medium
.
* New stable point release for OpenStack Yoga (LP: #2025503).
* d/p/CVE-2023-2088-*.patch: Dropped. Fixed in point release.
.
nova (3:25.1.1-0ubuntu1.1) jammy-security; urgency=medium
.
* SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
- debian/patches/CVE-2023-2088-1.patch: Use force=True for os-brick
disconnect during delete.
- debian/patches/CVE-2023-2088-2.patch: Enable use of service user
token with admin context.
- CVE-2023-2088
.
nova (3:25.1.1-0ubuntu1) jammy; urgency=medium
.
* New stable point release for OpenStack Yoga (LP: #2019759).
* d/p/ignore-deleted-server-groups-in-validation.patch: Dropped. Fixed
in stable point release.
.
nova (3:25.1.0-0ubuntu2.2) jammy-security; urgency=medium
.
* SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
- debian/patches/series: Do not apply CVE-2023-2088.patch until
patches are ready for all upstream OpenStack projects.
- CVE-2023-2088
.
nova (3:25.1.0-0ubuntu2.1) jammy-security; urgency=medium
.
* SECURITY UPDATE: Unauthorized File Access
- debian/patches/CVE-2023-2088.patch: Use force=True for os-brick
disconnect during delete.
- CVE-2023-2088
.
nova (3:25.1.0-0ubuntu2) jammy; urgency=medium
.
* Backport fix to ignore deleted server groups (LP: #1890244)
d/p/ignore-deleted-server-groups-in-validation.patch
.
nova (3:25.1.0-0ubuntu1) jammy; urgency=medium
.
* New stable point release for OpenStack Yoga (LP: #2004030).
.
nova (3:25.0.1-0ubuntu1) jammy; urgency=medium
.
* New stable point release for OpenStack Yoga (LP: #1980369).
.
nova (3:25.0.0-0ubuntu1.1) jammy; urgency=medium
.
[ Corey Bryant ]
* d/gbp.conf: Create stable/yoga branch.
.
[ Felipe Reyes ]
* d/nova-common.postinst: Don't change file permissions under
/var/lib/nova/.ssh (LP: #1904580).
.
nova (3:25.0.0-0ubuntu1) jammy; urgency=medium
.
* d/watch: Scope to 25.x series
* New upstream release for OpenStack Yoga.
.
nova (3:24.0.0+git2022030310.3f274c65cc-0ubuntu2) jammy; urgency=medium
.
* d/control: Drop min version of python3-testtools to 2.4.0.
.
nova (3:24.0.0+git2022030310.3f274c65cc-0ubuntu1) jammy; urgency=medium
.
* New upstream snapshot for OpenStack Yoga.
* d/control: Align (Build-)Depends with upstream.
.
nova (3:24.0.0+git2022011217.ea3945f71c-0ubuntu1) jammy; urgency=medium
.
* New upstream snapshot for OpenStack Yoga.
* d/control, d/rules: Bump debhelper compat to 13.
.
nova (3:24.0.0+git2021120815.755aa11e0c-0ubuntu1) jammy; urgency=medium
.
* New upstream snapshot for OpenStack Yoga.
* d/control: Align (Build-)Depends with upstream.
.
nova (3:24.0.0-0ubuntu1) impish; urgency=medium
.
* d/watch: Scope to 24.x series
* New upstream release for OpenStack Xena.
.
nova (3:23.0.2+git2021090912.edaaa97d99-0ubuntu1) impish; urgency=medium
.
* New upstream snapshot for OpenStack Xena.
* d/control: Align (Build-)Depends with upstream.
* d/p/arm-console-patch.patch: Rebased.
.
nova (3:23.0.2+git2021072117.3545356ae3-0ubuntu1) impish; urgency=medium
.
* New upstream snapshot for OpenStack Xena.
* d/control: Align (Build-)Depends with upstream.
.
nova (3:23.0.1+git2021061405.052cf96358-0ubuntu2) impish; urgency=medium
.
* d/nova-compute-ironic.conf: Use the correct compute_driver for
ironic (LP: #1934533).
* d/t/nova-compute-daemons: Add nova-compute-ironic to test.
.
nova (3:23.0.1+git2021061405.052cf96358-0ubuntu1) impish; urgency=medium
.
* New upstream snapshot for OpenStack Xena.
* d/control: Align (Build-)Depends with upstream.
.
nova (3:23.0.0-0ubuntu1) hirsute; urgency=medium
.
* New upstream release for OpenStack Wallaby.
.
nova (3:23.0.0~rc2-0ubuntu1) hirsute; urgency=medium
.
* New upstream release candidate for OpenStack Wallaby.
* d/control: Align (Build-)Depends with upstream.
.
nova (3:23.0.0~rc1-0ubuntu1) hirsute; urgency=medium
.
* d/control: Remove unnecessary dh-systemd Build-Depend
* d/watch: Scope to 23.x series
* New upstream release candidate for OpenStack Wallaby.
* d/control: Align (Build-)Depends with upstream.
.
nova (3:22.1.0+git2021030407.0226f9dd63-0ubuntu1) hirsute; urgency=medium
.
* New upstream snapshot for OpenStack Wallaby.
* d/control: Align (Build-)Depends with upstream.
.
nova (3:22.0.1+git2021012713.d92c0740c6-0ubuntu1) hirsute; urgency=medium
.
[ Corey Bryant ]
* d/control: Drop mox3 inline with upstream.
.
[ Chris MacNaughton ]
* New upstream snapshot for OpenStack Wallaby.
* d/control: Align (Build-)Depends with upstream.
* d/p/arm-console-patch.patch: Refreshed.
.
nova (3:22.0.1+git2020121010.3a6c1cbc3a-0ubuntu1) hirsute; urgency=medium
.
* Increment epoch to align with new snapshot plan.
* New upstream snapshot for OpenStack Wallaby.
.
nova (2:23.0.0~b1~git2020120312.f0efcae697-0ubuntu2) hirsute; urgency=medium
.
* New upstream snapshot for OpenStack Wallaby.
* d/control: Align (Build-)Depends with upstream.
.
nova (2:22.0.0-0ubuntu1) groovy; urgency=medium
.
* New upstream release for OpenStack Victoria.
.
nova (2:22.0.0~rc1-0ubuntu1) groovy; urgency=medium
.
[ Chris MacNaughton ]
* d/control: Update VCS paths for move to lp:~ubuntu-openstack-dev.
* d/watch: Scope to 22.x series.
.
[ Corey Bryant ]
* New upstream release candidate for OpenStack Victoria.
* d/control: Align (Build-)Depends with upstream.
.
nova (2:22.0.0~b3~git2020091410.76b2fbd90e-0ubuntu3) groovy; urgency=medium
.
* d/nova-compute-libvirt.postinst: Ensure libvirt-qemu user is removed
from nova group on package upgrade (LP: #1896617).
.
nova (2:22.0.0~b3~git2020091410.76b2fbd90e-0ubuntu2) groovy; urgency=medium
.
* d/nova-compute-libvirt.postinst: Drop libvirt-qemu user from nova group.
This is no longer needed with recent /var/lib/nova permission changes and
causes live snapshots to fail (LP: #1896617).
.
nova (2:22.0.0~b3~git2020091410.76b2fbd90e-0ubuntu1) groovy; urgency=medium
.
* New upstream snapshot for OpenStack Victoria.
* d/control: Align (Build-)Depends with upstream.
.
nova (2:22.0.0~b2~git2020073014.2f3a380c3c-0ubuntu2) groovy; urgency=medium
.
[ Chris MacNaughton ]
* d/control: Remove Breaks/Replaces that are older than Focal (LP: #1878419).
.
[ Corey Bryant ]
* d/control, d/nova-compute-ironic.conf, d/rules: Add nova-compute-ironic
binary package.
.
nova (2:22.0.0~b2~git2020073014.2f3a380c3c-0ubuntu1) groovy; urgency=medium
.
* New upstream snapshot for OpenStack Victoria.
* d/control: Drop min version of openstack-pkg-tools.
* d/control: Update Standards-Version to 4.5.0.
.
nova (2:22.0.0~b1~git2020070713.bc784a1c1f-0ubuntu1) groovy; urgency=medium
.
* New upstream snapshot for OpenStack Victoria.
* d/control: Align (Build-)Depends with upstream.
* d/p/add-mysql8-compatibility.patch: Removed. Change landed upstream.
* d/p/arm-console-patch.patch: Refreshed.
* d/p/drop-sphinxcontrib-rsvgconverter.patch: Refreshed
This bug was fixed in the package nova - 3:25.2. 1-0ubuntu2. 3~cloud0
---------------
nova (3:25.2. 1-0ubuntu2. 3~cloud0) focal; urgency=medium 1-0ubuntu2. 3) jammy-security; urgency=medium patches/ CVE-2024- 32498-pre1. patch: consolidate
create_ cow_image and create_image. patches/ CVE-2024- 32498-1. patch: reject qcow files with patches/ CVE-2024- 32498-2. patch: check images with
format_ inspector for safety. patches/ CVE-2024- 32498-3. patch: additional qemu safety patches/ CVE-2024- 32498-4. patch: fix vmdk_allowed_types remove- default- cputune- shares- value.patch: 2023-2088- *.patch: Dropped. Fixed in point release. 1-0ubuntu1. 1) jammy-security; urgency=medium patches/ CVE-2023- 2088-1. patch: Use force=True for os-brick patches/ CVE-2023- 2088-2. patch: Enable use of service user deleted- server- groups- in-validation. patch: Dropped. Fixed 0-0ubuntu2. 2) jammy-security; urgency=medium patches/ series: Do not apply CVE-2023-2088.patch until 0-0ubuntu2. 1) jammy-security; urgency=medium patches/ CVE-2023- 2088.patch: Use force=True for os-brick p/ignore- deleted- server- groups- in-validation. patch 0-0ubuntu1. 1) jammy; urgency=medium common. postinst: Don't change file permissions under lib/nova/ .ssh (LP: #1904580). 0+git2022030310 .3f274c65cc- 0ubuntu2) jammy; urgency=medium 0+git2022030310 .3f274c65cc- 0ubuntu1) jammy; urgency=medium 0+git2022011217 .ea3945f71c- 0ubuntu1) jammy; urgency=medium 0+git2021120815 .755aa11e0c- 0ubuntu1) jammy; urgency=medium 2+git2021090912 .edaaa97d99- 0ubuntu1) impish; urgency=medium console- patch.patch: Rebased. 2+git2021072117 .3545356ae3- 0ubuntu1) impish; urgency=medium 1+git2021061405 .052cf96358- 0ubuntu2) impish; urgency=medium compute- ironic. conf: Use the correct compute_driver for compute- daemons: Add nova-compute-ironic to test. 1+git2021061405 .052cf96358- 0ubuntu1) impish; urgency=medium 0~rc2-0ubuntu1) hirsute; urgency=medium 0~rc1-0ubuntu1) hirsute; urgency=medium 0+git2021030407 .0226f9dd63- 0ubuntu1) hirsute; urgency=medium 1+git2021012713 .d92c0740c6- 0ubuntu1) hirsute; urgency=medium console- patch.patch: Refreshed. 1+git2020121010 .3a6c1cbc3a- 0ubuntu1) hirsute; urgency=medium 0~b1~git2020120 312.f0efcae697- 0ubuntu2) hirsute; urgency=medium 0~rc1-0ubuntu1) groovy; urgency=medium 0~b3~git2020091 410.76b2fbd90e- 0ubuntu3) groovy; urgency=medium compute- libvirt. postinst: Ensure libvirt-qemu user is removed 0~b3~git2020091 410.76b2fbd90e- 0ubuntu2) groovy; urgency=medium compute- libvirt. postinst: Drop libvirt-qemu user from nova group. 0~b3~git2020091 410.76b2fbd90e- 0ubuntu1) groovy; urgency=medium 0~b2~git2020073 014.2f3a380c3c- 0ubuntu2) groovy; urgency=medium compute- ironic. conf, d/rules: Add nova-compute-ironic 0~b2~git2020073 014.2f3a380c3c- 0ubuntu1) groovy; urgency=medium pkg-tools. 0~b1~git2020070 713.bc784a1c1f- 0ubuntu1) groovy; urgency=medium mysql8- compatibility. patch: Removed. Change landed upstream. console- patch.patch: Refreshed. sphinxcontrib- rsvgconverter. patch: Refreshed
.
* SECURITY UPDATE for Ubuntu Cloud Archive. backport to focal.
.
nova (3:25.2.
.
* SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
(LP: #2059809)
- debian/
- debian/
data-file attributes.
- debian/
- debian/
checking on base images.
- debian/
checking.
- CVE-2024-32498
.
nova (3:25.2.1-0ubuntu2) jammy; urgency=medium
.
* d/p/libvirt-
Enable launch of instances with more than 9 CPUs on Jammy
(LP: #1978489).
.
nova (3:25.2.1-0ubuntu1) jammy; urgency=medium
.
* New stable point release for OpenStack Yoga (LP: #2037332).
.
nova (3:25.2.0-0ubuntu1) jammy; urgency=medium
.
* New stable point release for OpenStack Yoga (LP: #2025503).
* d/p/CVE-
.
nova (3:25.1.
.
* SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
- debian/
disconnect during delete.
- debian/
token with admin context.
- CVE-2023-2088
.
nova (3:25.1.1-0ubuntu1) jammy; urgency=medium
.
* New stable point release for OpenStack Yoga (LP: #2019759).
* d/p/ignore-
in stable point release.
.
nova (3:25.1.
.
* SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
- debian/
patches are ready for all upstream OpenStack projects.
- CVE-2023-2088
.
nova (3:25.1.
.
* SECURITY UPDATE: Unauthorized File Access
- debian/
disconnect during delete.
- CVE-2023-2088
.
nova (3:25.1.0-0ubuntu2) jammy; urgency=medium
.
* Backport fix to ignore deleted server groups (LP: #1890244)
d/
.
nova (3:25.1.0-0ubuntu1) jammy; urgency=medium
.
* New stable point release for OpenStack Yoga (LP: #2004030).
.
nova (3:25.0.1-0ubuntu1) jammy; urgency=medium
.
* New stable point release for OpenStack Yoga (LP: #1980369).
.
nova (3:25.0.
.
[ Corey Bryant ]
* d/gbp.conf: Create stable/yoga branch.
.
[ Felipe Reyes ]
* d/nova-
/var/
.
nova (3:25.0.0-0ubuntu1) jammy; urgency=medium
.
* d/watch: Scope to 25.x series
* New upstream release for OpenStack Yoga.
.
nova (3:24.0.
.
* d/control: Drop min version of python3-testtools to 2.4.0.
.
nova (3:24.0.
.
* New upstream snapshot for OpenStack Yoga.
* d/control: Align (Build-)Depends with upstream.
.
nova (3:24.0.
.
* New upstream snapshot for OpenStack Yoga.
* d/control, d/rules: Bump debhelper compat to 13.
.
nova (3:24.0.
.
* New upstream snapshot for OpenStack Yoga.
* d/control: Align (Build-)Depends with upstream.
.
nova (3:24.0.0-0ubuntu1) impish; urgency=medium
.
* d/watch: Scope to 24.x series
* New upstream release for OpenStack Xena.
.
nova (3:23.0.
.
* New upstream snapshot for OpenStack Xena.
* d/control: Align (Build-)Depends with upstream.
* d/p/arm-
.
nova (3:23.0.
.
* New upstream snapshot for OpenStack Xena.
* d/control: Align (Build-)Depends with upstream.
.
nova (3:23.0.
.
* d/nova-
ironic (LP: #1934533).
* d/t/nova-
.
nova (3:23.0.
.
* New upstream snapshot for OpenStack Xena.
* d/control: Align (Build-)Depends with upstream.
.
nova (3:23.0.0-0ubuntu1) hirsute; urgency=medium
.
* New upstream release for OpenStack Wallaby.
.
nova (3:23.0.
.
* New upstream release candidate for OpenStack Wallaby.
* d/control: Align (Build-)Depends with upstream.
.
nova (3:23.0.
.
* d/control: Remove unnecessary dh-systemd Build-Depend
* d/watch: Scope to 23.x series
* New upstream release candidate for OpenStack Wallaby.
* d/control: Align (Build-)Depends with upstream.
.
nova (3:22.1.
.
* New upstream snapshot for OpenStack Wallaby.
* d/control: Align (Build-)Depends with upstream.
.
nova (3:22.0.
.
[ Corey Bryant ]
* d/control: Drop mox3 inline with upstream.
.
[ Chris MacNaughton ]
* New upstream snapshot for OpenStack Wallaby.
* d/control: Align (Build-)Depends with upstream.
* d/p/arm-
.
nova (3:22.0.
.
* Increment epoch to align with new snapshot plan.
* New upstream snapshot for OpenStack Wallaby.
.
nova (2:23.0.
.
* New upstream snapshot for OpenStack Wallaby.
* d/control: Align (Build-)Depends with upstream.
.
nova (2:22.0.0-0ubuntu1) groovy; urgency=medium
.
* New upstream release for OpenStack Victoria.
.
nova (2:22.0.
.
[ Chris MacNaughton ]
* d/control: Update VCS paths for move to lp:~ubuntu-openstack-dev.
* d/watch: Scope to 22.x series.
.
[ Corey Bryant ]
* New upstream release candidate for OpenStack Victoria.
* d/control: Align (Build-)Depends with upstream.
.
nova (2:22.0.
.
* d/nova-
from nova group on package upgrade (LP: #1896617).
.
nova (2:22.0.
.
* d/nova-
This is no longer needed with recent /var/lib/nova permission changes and
causes live snapshots to fail (LP: #1896617).
.
nova (2:22.0.
.
* New upstream snapshot for OpenStack Victoria.
* d/control: Align (Build-)Depends with upstream.
.
nova (2:22.0.
.
[ Chris MacNaughton ]
* d/control: Remove Breaks/Replaces that are older than Focal (LP: #1878419).
.
[ Corey Bryant ]
* d/control, d/nova-
binary package.
.
nova (2:22.0.
.
* New upstream snapshot for OpenStack Victoria.
* d/control: Drop min version of openstack-
* d/control: Update Standards-Version to 4.5.0.
.
nova (2:22.0.
.
* New upstream snapshot for OpenStack Victoria.
* d/control: Align (Build-)Depends with upstream.
* d/p/add-
* d/p/arm-
* d/p/drop-