[ubuntu/oracular-proposed] nova 3:29.0.1-0ubuntu4 (Accepted)

James Page james.page at ubuntu.com
Tue Jul 2 16:43:14 UTC 2024 

nova (3:29.0.1-0ubuntu4) oracular; urgency=medium

  * SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
    (LP: #2059809)
    - debian/patches/CVE-2024-32498-1.patch: reject qcow files with
      data-file attributes.
    - debian/patches/CVE-2024-32498-2.patch: check images with
      format_inspector for safety.
    - debian/patches/CVE-2024-32498-3.patch: additional qemu safety
      checking on base images.
    - debian/patches/CVE-2024-32498-4.patch: fix vmdk_allowed_types
      checking.
    - CVE-2024-32498

Date: Fri, 21 Jun 2024 15:45:59 +0100
Changed-By: James Page <james.page at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/nova/3:29.0.1-0ubuntu4
-------------- next part --------------
Format: 1.8
Date: Fri, 21 Jun 2024 15:45:59 +0100
Source: nova
Built-For-Profiles: noudeb
Architecture: source
Version: 3:29.0.1-0ubuntu4
Distribution: oracular
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: James Page <james.page at ubuntu.com>
Launchpad-Bugs-Fixed: 2059809
Changes:
 nova (3:29.0.1-0ubuntu4) oracular; urgency=medium
 .
   * SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
     (LP: #2059809)
     - debian/patches/CVE-2024-32498-1.patch: reject qcow files with
       data-file attributes.
     - debian/patches/CVE-2024-32498-2.patch: check images with
       format_inspector for safety.
     - debian/patches/CVE-2024-32498-3.patch: additional qemu safety
       checking on base images.
     - debian/patches/CVE-2024-32498-4.patch: fix vmdk_allowed_types
       checking.
     - CVE-2024-32498
Checksums-Sha1:
 b98d8d7ade5342363890464f9eb0c862748b6429 6835 nova_29.0.1-0ubuntu4.dsc
 2420944bff92b0231b8ce5c2f22563334a3fca2c 58532 nova_29.0.1-0ubuntu4.debian.tar.xz
 9b051afeef8c02ac5783d6a0f1767dec23832bf0 9546 nova_29.0.1-0ubuntu4_source.buildinfo
Checksums-Sha256:
 40601c7c82e17dd4392642d24c0a64a0f6bdbb31caab7c9deef4fa75b8c5fa7b 6835 nova_29.0.1-0ubuntu4.dsc
 11a19d42b5c450d5372d7b022e930a25c158c2ae5a047f016ff900407c1444b5 58532 nova_29.0.1-0ubuntu4.debian.tar.xz
 e148e16a0f0ca5a19f32d0c89f21ad4175c98272148157cd49c3a1373ed1c9fa 9546 nova_29.0.1-0ubuntu4_source.buildinfo
Files:
 5765c85dff15709a42065ab4f1eeb38c 6835 net optional nova_29.0.1-0ubuntu4.dsc
 cef100cc8d241f2b0db87a91090c3add 58532 net optional nova_29.0.1-0ubuntu4.debian.tar.xz
 47abb5591beddf0fcd752a1b6390fb83 9546 net optional nova_29.0.1-0ubuntu4_source.buildinfo
Original-Maintainer: Openstack Maintainers <openstack at lists.launchpad.net>

More information about the oracular-changes mailing list