Your message dated Thu, 19 Feb 2026 23:04:29 +0000
with message-id <[email protected]>
and subject line Bug#1128294: fixed in nova 2:31.0.0-6+deb13u2
has caused the Debian Bug report #1128294,
regarding CVE-2026-24708: malicious QCOW header result in unsafe image resize operation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1128294: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128294
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: nova
Version: 2:31.0.0-6+deb13u1
Severity: grave

copying pre-OSSA:

This is an advance warning of a vulnerability discovered in
OpenStack, to give you, as downstream stakeholders, a chance to
coordinate the release of fixes and reduce the vulnerability window.
Please treat the following information as confidential until the
proposed public disclosure date.

Dan Smith from Red Hat reported a vulnerability in nova. By
writing a malicious QCOW header to a root or ephemeral disk
and then triggering a resize, a user may convince Nova's flat
image backend to call qemu-img without a format restriction
resulting in an unsafe image resize operation that could
destroy data on the host system.

Only compute nodes using the Flat image backend (usually
configured with use_cow_images=False) are affected.

Proposed patch:
See attached patches. Unless a flaw is discovered in them, these
patches will be merged to their corresponding branches on the public
disclosure date.

CVE: CVE-2026-24708

Proposed public disclosure date/time:
2026-02-17 1500UTC

Please do not make the issue public (or release public patches)
before this coordinated embargo date.

Original private report:
https://launchpad.net/bugs/2137507

For access to read and comment on this report, please reply to me
with your Launchpad username and I will subscribe you.

--
Jay Faulkner
OpenStack Vulnerability Management Team
https://security.openstack.org/vmt.html

--- End Message ---
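The mechanism the advisory above describes, as an added example that is not part of this bug report and not the Nova project's own code: the command shape in which qemu-img is left to probe the disk's format next to the hardened shape in which the caller states the format explicitly, plus a defender-side check that flags a flat-backend disk declared as raw whose leading bytes carry a QCOW header. The command shapes, function names, paths, sizes and the sample disk contents are assumptions constructed for the example; the actual upstream patch is not on this page.

```python
"""
Added example (not Nova project code, not from this bug report): compares the
qemu-img resize command shape the advisory warns about (no format given, so
qemu-img probes the file) with the hardened shape (explicit -f), and provides
a defender check that flags a disk declared 'raw' whose first bytes carry a
QCOW header. Paths, sizes and sample disk contents below are constructed.
"""
import os
import tempfile

# Every QCOW/QCOW2 header begins with this 4-byte magic ("QFI" followed by 0xfb).
QCOW_MAGIC = b"QFI\xfb"

# Formats a flat/raw backend is expected to hand to qemu-img (assumed allow-list).
ALLOWED_FORMATS = ("raw", "qcow2")


def build_resize_cmd_unprobed(path, size_bytes):
    """Command shape the advisory warns about: no -f, so qemu-img probes the
    file and trusts whatever header it finds (assumed pre-fix shape)."""
    return ["qemu-img", "resize", path, str(size_bytes)]


def build_resize_cmd(path, size_bytes, fmt):
    """Hardened shape: the caller states the format, so bytes a tenant wrote
    inside the disk cannot change how qemu-img interprets the file."""
    if fmt not in ALLOWED_FORMATS:
        raise ValueError("unexpected disk format: %r" % (fmt,))
    if size_bytes <= 0:
        raise ValueError("size must be positive")
    return ["qemu-img", "resize", "-f", fmt, path, str(size_bytes)]


def header_looks_like_qcow(head):
    """True if the given leading bytes start with the QCOW magic."""
    return head[:4] == QCOW_MAGIC


def looks_like_qcow(path):
    """Read only the first four bytes of the file and test them for the magic."""
    with open(path, "rb") as f:
        return header_looks_like_qcow(f.read(4))


def audit_flat_disk(path, declared_fmt):
    """Defender check for a flat-backend disk: a file declared 'raw' whose
    content starts with a QCOW header is a signal that a foreign header was
    written into guest-visible disk space. Returns a short verdict string."""
    if declared_fmt == "raw" and looks_like_qcow(path):
        return "suspicious: raw disk carries QCOW header"
    return "ok"


def demo():
    """Builds two constructed sample disks in a temp dir and audits both."""
    with tempfile.TemporaryDirectory() as d:
        clean = os.path.join(d, "disk")
        with open(clean, "wb") as f:
            f.write(b"\x00" * 512)                # constructed: plain raw content
        tainted = os.path.join(d, "disk.eph0")
        with open(tainted, "wb") as f:
            f.write(QCOW_MAGIC + b"\x00" * 508)   # constructed: detector fixture
        return audit_flat_disk(clean, "raw"), audit_flat_disk(tainted, "raw")


if __name__ == "__main__":
    # Constructed instance path; the size is 20 GiB expressed in bytes.
    print(build_resize_cmd_unprobed("/var/lib/nova/instances/ID/disk", 20 * 2**30))
    print(build_resize_cmd("/var/lib/nova/instances/ID/disk", 20 * 2**30, "raw"))
    print(demo())
```

The point of the hardened builder is that the format comes from the backend's own knowledge of what it created, never from probing the file; the audit function is a separate, read-only signal for operators of flat-backend compute nodes and does not replace passing `-f`.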
--- Begin Message ---
Source: nova
Source-Version: 2:31.0.0-6+deb13u2
Done: Thomas Goirand <[email protected]>

We believe that the bug you reported is fixed in the latest version of
nova, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated nova package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 06 Feb 2026 10:34:57 +0100
Source: nova
Architecture: source
Version: 2:31.0.0-6+deb13u2
Distribution: trixie-security
Urgency: high
Maintainer: Debian OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Closes: 1128294
Changes:
 nova (2:31.0.0-6+deb13u2) trixie-security; urgency=high
 .
   * CVE-2026-24708/OSSA-2026-002: By writing a malicious QCOW header to a root
     or ephemeral disk and then triggering a resize, a user may convince Nova's
     flat image backend to call qemu-img without a format restriction resulting
     in an unsafe image resize operation that could destroy data on the host
     system. Applied upstream patch (Closes: #1128294):
     - cve-2026-24708-make-disk.extend-pass-format-to-qemu-img-2025.1.patch
Checksums-Sha1:
 3bf370973e2ba316a2428971985115fb83ddde4e 4854 nova_31.0.0-6+deb13u2.dsc
 9bfd90e7c79db45773b7ef1a24814974c9a0aa62 6124328 nova_31.0.0.orig.tar.xz
 82bded559a32bbfc9668e5531e1cc21a7c2e57ca 72812 nova_31.0.0-6+deb13u2.debian.tar.xz
 58b94664b73a353235906238a6692c645dcbeeaa 26107 nova_31.0.0-6+deb13u2_amd64.buildinfo
Checksums-Sha256:
 ecf919d3a492522295f2ba5b414973fac45a6a47b71abc205ae65c9d6908857c 4854 nova_31.0.0-6+deb13u2.dsc
 51662e6eafcb3a278f6629683494094f587188fda4e8812ab23709a30dc579bc 6124328 nova_31.0.0.orig.tar.xz
 e67f4ce1ba1f08a512ed01001ddcc7db0a6ea0c4bf036c8b904e9f08e57ae5dc 72812 nova_31.0.0-6+deb13u2.debian.tar.xz
 adbb0f0c959d567c11e685d74960f7001767a9975ffa7870e0e05ab1a34a6a6a 26107 nova_31.0.0-6+deb13u2_amd64.buildinfo
Files:
 d9a8c7606a6a6aff48bee499c2e5f755 4854 net optional nova_31.0.0-6+deb13u2.dsc
 3d75440c9b58a64b74b46a13a74c55ce 6124328 net optional nova_31.0.0.orig.tar.xz
 3d7908ae40239183929571a037a54774 72812 net optional nova_31.0.0-6+deb13u2.debian.tar.xz
 e30fd70e2bd85ee5e80a2b8df1409aa7 26107 net optional nova_31.0.0-6+deb13u2_amd64.buildinfo


Attachment: pgpqbuICwfcSm.pgp
Description: PGP signature


--- End Message ---
