-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6145-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 19, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : nova CVE ID : CVE-2026-24708 Debian Bug : 1128294 Dan Smith discovered that nova, a cloud computing fabric controller, calls qemu-img without format restrictions for resize, which may result in unsafe image resize operations that could destroy data on the host system. Only compute nodes using the Flat image backend are affected. For the oldstable distribution (bookworm), this problem has been fixed in version 2:26.2.2-1~deb12u4. For the stable distribution (trixie), this problem has been fixed in version 2:31.0.0-6+deb13u2. We recommend that you upgrade your nova packages. For the detailed security status of nova please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nova Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmmXeAdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QaDg//e7sEpfbiVyOXLD41E5Bp5D0mLDRL85WykvWLKUCm0Ii8NNx4O3rZXT5U odikz/KcWxVATNTY5xTpSF5BayY5sIh42sIgJ8bMevsAm/X2ALjbhJggQgGVxuTo SK4Rvk2JkWYHVzAJLpqJPAvviRKzNd/nBUGFUZluM9hmS5/JsGMMwSFJDEc+TTrY danoi/5lldsrM3k7kvbmUu5tnJ/orpNNkMDfPtWPwDGr5i7+4c0wAhwa+VRyQdP1 o09ugXOn9+QIRN6aFZ8tPOf3UNnburSC/l3aV2R+kBej2ZV7lD4K+qUD0bPenvGG KIrvFCFgmj5zN0O6+eGWcOmBeOlSUaDJY/1DfgGmW82kdjJHY9Gs1yXnEBQcDeFn YBXPaaZTXpc2BzP1Vc110mADGaYV/5/lLQKEm+j3BNnQDcJiDUdx32xT0XZBjlHF 1oW+HA8ML3JYuPY1/pheeloA81TDVwvGPQoF3X2yApkQAyJNLKtZ3VwTUx7O0jfq 7gC7CIxWOihCA35sTzT0GNPfiwsNkFY/eeiRgyNFGClQr74YSRm93wrrKbPEcH6R Ecg6sE4NRshlEaF2cQiyCh4IKX2axfXhnvFyaR/A4SIXenjWhFQjU9JfwLKBdGKw nsWU0SY/QCXiBEL5fyuuT5nDzLFdHwQcUHGbDPVr3RcfoZ7wZyA= =PNty -----END PGP SIGNATURE-----
