Comment 61 for bug 2071734

Balazs Gibizer (balazs-gibizer) wrote: Re: Regression VMDK/qcow arbitrary file access (CVE-2024-40767)

Thanks Dan. I agree on the summary. In the meantime I tested the vmdk scenario with an image that points to an existing and readable file on the hypervisor. Nova does call qemu-img info on the file, but then our new check that compares the disk_format from glance and from the format inspector (raw in this case) with the disk_format returned from the qemu-img info call will fail and nova will properly reject the image.