Add releasenote for CVE-2024-32498 fix
Related-Bug: #2059809 Change-Id: I3259dd013ba5e3fefd0e172bf0e7cc502158c8db
This commit is contained in:
parent
0d8e79b713
commit
867d1dd8b6
@ -0,0 +1,17 @@
|
||||
---
|
||||
security:
|
||||
- |
|
||||
Images in the qcow2 format with an external data file are now
|
||||
rejected from glance because such images could be used in an
|
||||
exploit to expose host information. See `Bug #2059809
|
||||
<https://bugs.launchpad.net/glance/+bug/2059809>`_ for details.
|
||||
fixes:
|
||||
- |
|
||||
`Bug #2059809 <https://bugs.launchpad.net/glance/+bug/2059809>`_:
|
||||
Fixed issue where a qcow2 format image with an external data file
|
||||
could expose host information. Such an image format with an external
|
||||
data file will be rejected from glance. To achieve the same,
|
||||
format_inspector has been extended by adding safety checks for qcow2
|
||||
and vmdk files in glance. Unsafe qcow and vmdk files will be rejected
|
||||
by pre-examining them with a format inspector to ensure safe
|
||||
configurations prior to any qemu-img operations.
|
Loading…
Reference in New Issue
Block a user