- Vulnerability/
- USN-6884-1
USN-6884-1: Nova vulnerability
First published: Mon Jul 08 2024(Updated: )
Martin Kaesberger discovered that Nova incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/nova-common | <3:29.0.1-0ubuntu1.3 | 3:29.0.1-0ubuntu1.3 |
| Ubuntu | =24.04 | |
| All of | ||
| ubuntu/python3-nova | <3:29.0.1-0ubuntu1.3 | 3:29.0.1-0ubuntu1.3 |
| Ubuntu | =24.04 | |
| All of | ||
| ubuntu/nova-common | <3:28.0.1-0ubuntu1.3 | 3:28.0.1-0ubuntu1.3 |
| Ubuntu | =23.10 | |
| All of | ||
| ubuntu/python3-nova | <3:28.0.1-0ubuntu1.3 | 3:28.0.1-0ubuntu1.3 |
| Ubuntu | =23.10 | |
| All of | ||
| ubuntu/nova-common | <3:25.2.1-0ubuntu2.3 | 3:25.2.1-0ubuntu2.3 |
| Ubuntu | =22.04 | |
| All of | ||
| ubuntu/python3-nova | <3:25.2.1-0ubuntu2.3 | 3:25.2.1-0ubuntu2.3 |
| Ubuntu | =22.04 | |
| All of | ||
| ubuntu/nova-common | <2:21.2.4-0ubuntu2.8 | 2:21.2.4-0ubuntu2.8 |
| Ubuntu | =20.04 | |
| All of | ||
| ubuntu/python3-nova | <2:21.2.4-0ubuntu2.8 | 2:21.2.4-0ubuntu2.8 |
| Ubuntu | =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2024-32498
- https://ubuntu.com/security/notices/USN-6882-1
- https://ubuntu.com/security/notices/USN-6883-1
- https://ubuntu.com/security/notices/USN-6882-2
- https://launchpad.net/ubuntu/+source/nova/3:29.0.1-0ubuntu1.3
- https://launchpad.net/ubuntu/+source/nova/3:28.0.1-0ubuntu1.3
- https://launchpad.net/ubuntu/+source/nova/3:25.2.1-0ubuntu2.3
- https://launchpad.net/ubuntu/+source/nova/2:21.2.4-0ubuntu2.8
- https://ubuntu.com/security/notices/USN-6884-1 (Advisory)
Frequently Asked Questions
What is the vulnerability identified as USN-6884-1?
USN-6884-1 is a vulnerability in Nova that incorrectly handles QCOW2 image processing, allowing authenticated users to access arbitrary files on the server.
What are the potential consequences of the USN-6884-1 vulnerability?
The USN-6884-1 vulnerability could expose sensitive information by allowing unauthorized access to files on the server.
How do I fix the USN-6884-1 vulnerability?
To fix USN-6884-1, update the affected packages to version 3:29.0.1-0ubuntu1.3 for Ubuntu 24.04 or other specified remedial versions for previous Ubuntu releases.
Which versions of Ubuntu are affected by the USN-6884-1 vulnerability?
The USN-6884-1 vulnerability affects Ubuntu versions 20.04, 22.04, 23.10, and 24.04 with specific package versions listed.
Who discovered the vulnerability USN-6884-1?
The vulnerability USN-6884-1 was discovered by Martin Kaesberger.
- agent/severity
- agent/last-modified-date
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/references
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu
- version/ubuntu/24.04
- version/ubuntu/23.10
- version/ubuntu/22.04
- version/ubuntu/20.04