Headline
Debian Security Advisory 5754-1
Debian Linux Security Advisory 5754-1 - Martin Kaesberger discovered a vulnerability which affects multiple images may result in the disclosure of arbitrary files.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5754-1 [email protected]://www.debian.org/security/ Moritz MuehlenhoffAugust 21, 2024 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : cinderCVE ID : CVE-2024-32498Martin Kaesberger discovered a vulnerability which affects multipleOpenStack components (Nova, Glance and Cinder): Malformed QCOW2 diskimages may result in the disclosure of arbitrary files.For the stable distribution (bookworm), this problem has been fixed inversion 2:21.3.1-1~deb12u1.We recommend that you upgrade your cinder packages.For the detailed security status of cinder please refer toits security tracker page at:https://security-tracker.debian.org/tracker/cinderFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmbFyK0ACgkQEMKTtsN8TjbX4Q//UEnptocLmd2xjQFiWwKRjzs/63sPfG9jhSMZtEMrhUpXMbBOvAWgYu9b/Cpu6UQufNuJ5u9zPTyb8GQXP5Uy8EHTGSjpVtv2MivuUQ/Hb5JmvWBwJ6Yb2hx7wWB1eb2y9VBGCtHE481dQpgcZoRVxdSi/QsKvaKIOh9bpaEL7kVpRE5BbewKwO/YX1xQ1HgkjF/IOdegcXnLJW3co2930vHUyYRyOE2/HeYFeHbKZLKZQOcruLZy8tXqTrZZb6qP5BFWeQH0pTqyQGUJJ2Qe1LbB8DW9DNRPTsCYocr//gRi40bhgBRv7FQfcWh0AGj6Ka0ItiVB7pBrV6BTtC+uAEqHjzt+ATmb4HlEWnyydwjuMmsso7Qo+yuw2SEiOlqEqO7EkOxrXdTFeaU1mHqoli4JX5+jrIYth9m7LHwi+VoAfKIBIlH8GFs1bPompF1hzdL9Quntvjg2LAI269PbG4taKUi7bH0TTVnDswhkyag0CJPW8T4Rxr3mcLLl1zL4xX+mbFjnp/I2mqGNEcq6z1d/Xn+y9m24k1ZNwVzjeUvbcKdDGZTDEngCdnToAYO9seTXoZ3SUvbys3aLsPhPE69UfWDaOJ1ngbsW9JepALIebRbJ39feAdDYa+JUwdiG44byISprQFwTYWVGi1AlD3kvAT3gnFzm+TMrhxC2KxA==kX3T-----END PGP SIGNATURE-----Related news
Debian Linux Security Advisory 5756-1 - Martin Kaesberger discovered a vulnerability which affects multiple images may result in the disclosure of arbitrary files.
Debian Linux Security Advisory 5755-1 - Martin Kaesberger discovered a vulnerability which affects multiple images may result in the disclosure of arbitrary files.
Red Hat Security Advisory 2024-4425-03 - An update for openstack-cinder, openstack-glance, and openstack-nova is now available for Red Hat OpenStack Platform 16.1.
Ubuntu Security Notice 6884-1 - Martin Kaesberger discovered that Nova incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information.
Ubuntu Security Notice 6883-1 - Martin Kaesberger discovered that Glance incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information.
Ubuntu Security Notice 6882-1 - Martin Kaesberger discovered that Cinder incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information.
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.
Red Hat Security Advisory 2024-4274-03 - An update for openstack-nova is now available for Red Hat OpenStack Platform 17.1.
Red Hat Security Advisory 2024-4273-03 - An update for openstack-cinder, openstack-glance, and openstack-nova is now available for Red Hat OpenStack Platform 16.2.
Red Hat Security Advisory 2024-4272-03 - An update for openstack-nova, openstack-glance, and openstack-cinder is now available for Red Hat OpenStack Platform 17.1.