Package "nova-conductor"
Name: |
nova-conductor
|
Description: |
OpenStack Compute - conductor service
|
Latest version: |
3:29.0.1-0ubuntu1.4 |
Release: |
noble (24.04) |
Level: |
updates |
Repository: |
main |
Head package: |
nova |
Homepage: |
https://launchpad.net/nova |
Links
Download "nova-conductor"
Other versions of "nova-conductor" in Noble
Changelog
nova (3:29.0.1-0ubuntu1.4) noble-security; urgency=medium
* SECURITY UPDATE: Incomplete file access fix and regression for QCOW2
backing files and VMDK flat descriptors
- debian/patches/CVE-2024-40767-pre1.patch: port format inspector tests
from glance.
- debian/patches/CVE-2024-40767-pre2.patch: reproduce iso regression
with deep format inspection.
- debian/patches/CVE-2024-40767-pre3.patch: add iso file format
inspector.
- debian/patches/CVE-2024-40767-pre4.patch: fix qemu-img version
dependent tests.
- debian/patches/CVE-2024-40767-pre5.patch: stabilize iso format unit
tests.
- debian/patches/CVE-2024-40767.patch: change force_format strategy to
catch mismatches.
- CVE-2024-40767
* Replace CVE-2024-32498 patches with final versions from git.
- debian/patches/CVE-2024-32498-*
* debian/control: added qemu-utils to Build-Depends so qemu-img is
available for new tests.
-- Marc Deslauriers <email address hidden> Wed, 17 Jul 2024 12:46:50 -0400
|
Source diff to previous version |
CVE-2024-32498 |
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom |
|
nova (3:29.0.1-0ubuntu1.3) noble-security; urgency=medium
* SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
(LP: #2059809)
- debian/patches/CVE-2024-32498-1.patch: reject qcow files with
data-file attributes.
- debian/patches/CVE-2024-32498-2.patch: check images with
format_inspector for safety.
- debian/patches/CVE-2024-32498-3.patch: additional qemu safety
checking on base images.
- debian/patches/CVE-2024-32498-4.patch: fix vmdk_allowed_types
checking.
- CVE-2024-32498
-- Marc Deslauriers <email address hidden> Mon, 01 Jul 2024 14:08:34 -0400
|
CVE-2024-32498 |
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom |
|
About
-
Send Feedback to @ubuntu_updates