Your message dated Tue, 17 Feb 2026 15:19:07 +0000
with message-id <[email protected]>
and subject line Bug#1128294: fixed in nova 2:32.1.0-7
has caused the Debian Bug report #1128294,
regarding CVE-2026-24708: malicious QCOW header result in unsafe image resize 
operation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1128294: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128294
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: nova
Version: 2:31.0.0-6+deb13u1
Severity: grave

copying pre-OSSA:

This is an advance warning of a vulnerability discovered in
OpenStack, to give you, as downstream stakeholders, a chance to
coordinate the release of fixes and reduce the vulnerability window.
Please treat the following information as confidential until the
proposed public disclosure date.

Dan Smith from Red Hat reported a vulnerability in nova. By
writing a malicious QCOW header to a root or ephemeral disk
and then triggering a resize, a user may convince Nova's flat
image backend to call qemu-img without a format restriction
resulting in an unsafe image resize operation that could
destroy data on the host system.

Only compute nodes using the Flat image backend (usually
configured with use_cow_images=False) are affected.

Proposed patch:
See attached patches. Unless a flaw is discovered in them, these
patches will be merged to their corresponding branches on the public
disclosure date.

CVE: CVE-2026-24708

Proposed public disclosure date/time:
2026-02-17 1500UTC

Please do not make the issue public (or release public patches)
before this coordinated embargo date.

Original private report:
https://launchpad.net/bugs/2137507

For access to read and comment on this report, please reply to me
with your Launchpad username and I will subscribe you.

--
Jay Faulkner
OpenStack Vulnerability Management Team
https://security.openstack.org/vmt.html

--- End Message ---
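
The advisory above describes qemu-img being called without a format restriction on flat-backend disks. As an added example (not code from nova or from the upstream patch), this audit flags disks that are expected to be raw but begin with the QCOW magic, and builds a resize command with the format pinned via `-f`. The disk file names and the premise that this node's disks should all be raw are assumptions of the example.

```python
import os
import tempfile

QCOW_MAGIC = b"QFI\xfb"  # first four bytes of a QCOW/QCOW2 header


def looks_like_qcow(path):
    """True if the file starts with the QCOW magic, i.e. format probing
    would treat it as qcow instead of raw when no format is given."""
    with open(path, "rb") as fh:
        return fh.read(len(QCOW_MAGIC)) == QCOW_MAGIC


def resize_argv(path, size_bytes, fmt="raw"):
    """Build a qemu-img resize command that pins the format with -f, so
    the bytes a guest wrote to the disk cannot change how it is parsed."""
    if fmt not in ("raw", "qcow2"):
        raise ValueError("unexpected disk format: %r" % fmt)
    return ["qemu-img", "resize", "-f", fmt, path, str(int(size_bytes))]


def audit_flat_disks(instances_dir, names=("disk", "disk.local")):
    """Return disks under instances_dir whose content claims to be QCOW.
    The file names are assumptions; adjust them to the node's layout."""
    suspicious = []
    for root, _dirs, files in os.walk(instances_dir):
        for name in files:
            full = os.path.join(root, name)
            if name in names and looks_like_qcow(full):
                suspicious.append(full)
    return sorted(suspicious)


def build_sample_tree():
    """Constructed sample: one plain raw disk and one file whose first
    bytes are the QCOW magic followed by zeros (not a valid image)."""
    base = tempfile.mkdtemp(prefix="flat-audit-")
    samples = (("inst-a", b"\x00" * 512), ("inst-b", QCOW_MAGIC + b"\x00" * 508))
    for inst, head in samples:
        os.makedirs(os.path.join(base, inst))
        with open(os.path.join(base, inst, "disk"), "wb") as fh:
            fh.write(head)
    return base


if __name__ == "__main__":
    tree = build_sample_tree()
    for hit in audit_flat_disks(tree):
        print("disk expected to be raw carries a QCOW header:", hit)
    print(" ".join(resize_argv(os.path.join(tree, "inst-a", "disk"), 2 * 1024**3)))
```

A hit is a reason to inspect the instance before any resize, not proof of abuse: a deployment that deliberately keeps qcow2 images on these paths will match as well.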
--- Begin Message ---
Source: nova
Source-Version: 2:32.1.0-7
Done: Thomas Goirand <[email protected]>

We believe that the bug you reported is fixed in the latest version of
nova, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated nova package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 06 Feb 2026 00:32:36 +0100
Source: nova
Architecture: source
Version: 2:32.1.0-7
Distribution: unstable
Urgency: high
Maintainer: Debian OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Closes: 1128294
Changes:
 nova (2:32.1.0-7) unstable; urgency=high
 .
   * CVE-2026-24708/OSSA-2026-002: By writing a malicious QCOW header to a root
     or ephemeral disk and then triggering a resize, a user may convince Nova's
     flat image backend to call qemu-img without a format restriction resulting
     in an unsafe image resize operation that could destroy data on the host
     system. Applied upstream patch (Closes: #1128294):
     - cve-2026-24708-make-disk.extend-pass-format-to-qemu-img-2025.2.patch
   * Cleans better.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


--- End Message ---
