This sounds to me the correct approach as we can backport it down to the last Maintained releases but any distro can also backport it further down to Ussuri if they want (exactly like OSSA-2023-002)
+1 on nova-2059809.patch but I'll test it on a dev environment.
Nova's patch proposed by Dan relies on the same mitigation provided in https:/ /security. openstack. org/ossa/ OSSA-2023- 002.html where we rely on a metadata that was added in osloutils's imageutils.py module by https:/ /github. com/openstack/ oslo.utils/ commit/ 2180db82b605cf8 4902ee379fffc0b 34e17e92c7
This sounds to me the correct approach as we can backport it down to the last Maintained releases but any distro can also backport it further down to Ussuri if they want (exactly like OSSA-2023-002)
+1 on nova-2059809.patch but I'll test it on a dev environment.