|
|
Log in / Subscribe / Register

Ubuntu alert USN-6884-1 (nova)



From:
              Marc Deslauriers <marc.deslauriers@canonical.com>


To:
              "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com>


Subject:
              [USN-6884-1] Nova vulnerability


Date:
              Mon, 08 Jul 2024 10:06:46 -0400


Message-ID:
              <762b702e-15d4-4f66-a179-0e52ab0a3314@canonical.com>


==========================================================================
Ubuntu Security Notice USN-6884-1
July 08, 2024

nova vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Nova would allow unintended access to files over the network.

Software Description:
- nova: OpenStack Compute cloud infrastructure

Details:

Martin Kaesberger discovered that Nova incorrectly handled QCOW2 image
processing. An authenticated user could use this issue to access arbitrary
files on the server, possibly exposing sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   nova-common                     3:29.0.1-0ubuntu1.3
   python3-nova                    3:29.0.1-0ubuntu1.3

Ubuntu 23.10
   nova-common                     3:28.0.1-0ubuntu1.3
   python3-nova                    3:28.0.1-0ubuntu1.3

Ubuntu 22.04 LTS
   nova-common                     3:25.2.1-0ubuntu2.3
   python3-nova                    3:25.2.1-0ubuntu2.3

Ubuntu 20.04 LTS
   nova-common                     2:21.2.4-0ubuntu2.8
   python3-nova                    2:21.2.4-0ubuntu2.8

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6884-1
   CVE-2024-32498

Package Information:
   https://launchpad.net/ubuntu/+source/nova/3:29.0.1-0ubunt...
   https://launchpad.net/ubuntu/+source/nova/3:28.0.1-0ubunt...
   https://launchpad.net/ubuntu/+source/nova/3:25.2.1-0ubunt...
   https://launchpad.net/ubuntu/+source/nova/2:21.2.4-0ubunt...





Attachment: OpenPGP_signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmaL8nYACgkQZWnYVadE
vpPJ3w/7B6yOW/k8lW5C5s6ni1erkoS+J6y0sNTDiE9jim0Wt2ChK3MrhSXZAB+h
Jq12EIKHaJL1R3RlDKXlPn7y+sUng5aqxHGOW5jJutbw8WIQ393o30t590T5lDy0
AH165/4qadKszU6WFXR7bZ1Ol/4Ra898u2Yh9AK8N4iaq93F//7wd3g+sTJZrq+u
x7PcMa/culfqgdmKdVG6WsmwcSkXyBMiw/U0HsnUBHDKk0BBlIPxHoTpu9gEo/2C
X2yVul48G3MUHKBG9wCG+Q3kiL0V2cU8yG00NwFvvNRVG2D4HDL/tfAe2dZwBPf+
hc90bUemaXq20dkPZI06CcEgkI0fKMk8Vg85g4ek0T8dOZqrlw8cK97dTrj/JZUq
IkrBp8gn+w/BxFDQYAeb8zMedMc2anO35Kkl3Ud8DEolgWXc2xxS8AXtnmpNkUkZ
l7+aUNA2Z+c16Qd7W0mbt9VZ0TUA2h0cM6GurthJ6T7ItBDLHQTkS2b6MaRe18IL
d+/GfjCScmAuQGEfRz2KSMfLHsbdnrMH7MjHYOtBCVvY6+PIF2iZmKWYfNXEh1Iz
uBlSl5Q6cmnCjQvSbnBvsPfJhStDbGgzmbipUtsUpEu9N4s+T4l1i540ygBSM15g
HDoC1sLp7YHTX1ASIg+43rLCcz1uEnFvnqYwCRZrJsXkG96wB68=
=gquK
-----END PGP SIGNATURE-----




Attachment: None (type=text/plain)
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds