OpenStack Compute (nova)

  1. Bug #2059809
  2. Comment #426

Comment 426 for bug 2059809

Revision history for this message
James Page (james-page) wrote :

This bug was fixed in the package nova - 3:29.1.0+git2024080716.bb2d7f9c-0ubuntu1~cloud0
---------------

 nova (3:29.1.0+git2024080716.bb2d7f9c-0ubuntu1~cloud0) noble-dalmatian; urgency=medium
 .
   * New upstream release for the Ubuntu Cloud Archive.
 .
 nova (3:29.1.0+git2024080716.bb2d7f9c-0ubuntu1) oracular; urgency=medium
 .
   * New upstream snapshot for OpenStack Dalmatian.
   * d/control: Align (Build-)Depends with upstream.
   * d/p/test-hacking-compat.patch: Drop, included upstream.
   * d/p/oslo.versionedobjects-compat.patch: Drop, similar included
     upstream.
   * d/p/CVE*.patch: Drop, included in snapshot.
 .
 nova (3:29.0.1-0ubuntu4) oracular; urgency=medium
 .
   * SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
     (LP: #2059809)
     - debian/patches/CVE-2024-32498-1.patch: reject qcow files with
       data-file attributes.
     - debian/patches/CVE-2024-32498-2.patch: check images with
       format_inspector for safety.
     - debian/patches/CVE-2024-32498-3.patch: additional qemu safety
       checking on base images.
     - debian/patches/CVE-2024-32498-4.patch: fix vmdk_allowed_types
       checking.
     - CVE-2024-32498