-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 06 Feb 2026 11:19:03 +0100
Source: nova
Binary: nova-api nova-common nova-compute nova-compute-ironic nova-compute-kvm nova-compute-lxc nova-compute-qemu nova-conductor nova-consoleproxy nova-doc nova-scheduler python3-nova
Architecture: all
Version: 2:26.2.2-1~deb12u4
Distribution: bookworm-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description:
 nova-api   - OpenStack Compute - compute API frontend
 nova-common - OpenStack Compute - common files
 nova-compute - OpenStack Compute - compute node
 nova-compute-ironic - OpenStack Compute - compute node (Ironic)
 nova-compute-kvm - OpenStack Compute - compute node (KVM)
 nova-compute-lxc - OpenStack Compute - compute node (LXC)
 nova-compute-qemu - OpenStack Compute - compute node (QEmu)
 nova-conductor - OpenStack Compute - conductor service
 nova-consoleproxy - OpenStack Compute - NoVNC proxy
 nova-doc   - OpenStack Compute - documentation
 nova-scheduler - OpenStack Compute - virtual machine scheduler
 python3-nova - OpenStack Compute - libraries
Closes: 1128294
Changes:
 nova (2:26.2.2-1~deb12u4) bookworm-security; urgency=high
 .
   * CVE-2026-24708/OSSA-2026-002: By writing a malicious QCOW header to a root
     or ephemeral disk and then triggering a resize, a user may convince Nova's
     flat image backend to call qemu-img without a format restriction resulting
     in an unsafe image resize operation that could destroy data on the host
     system. Appiled upstream patch (Closes: #1128294):
     - cve-2026-24708-make-disk.extend-pass-format-to-qemu-img-2024.2.patch
Checksums-Sha1:
 f8d84aec67367598c7306cfe6d508b31b7a8dcc6 29776 nova-api_26.2.2-1~deb12u4_all.deb
 9b7e5196421d46276d2a63212517070144aef9d5 129480 nova-common_26.2.2-1~deb12u4_all.deb
 67f9a9cfe27cdf5b56cffd80eb278f319e669e91 9196 nova-compute-ironic_26.2.2-1~deb12u4_all.deb
 04866ce34cd0a872cfc54b14c0b1983cb21a882d 9424 nova-compute-kvm_26.2.2-1~deb12u4_all.deb
 40d63e02cf92df34814653bbda2c2f41cf6d97bb 9260 nova-compute-lxc_26.2.2-1~deb12u4_all.deb
 359a08c5cf927ab3cf995f08d874ab6e1f71bd6e 9304 nova-compute-qemu_26.2.2-1~deb12u4_all.deb
 9297ec057fa558e7ed152f1b88f807bf1edaf210 15508 nova-compute_26.2.2-1~deb12u4_all.deb
 2c9c84f2c7f3df0d383e9df3fc7fcb4be9f257a6 14828 nova-conductor_26.2.2-1~deb12u4_all.deb
 58d42060f26c1a0001fa17d475289f307d2319e8 20092 nova-consoleproxy_26.2.2-1~deb12u4_all.deb
 ac7436cfd7bc9deda1b94dca9b082bea3c8f5de3 2881452 nova-doc_26.2.2-1~deb12u4_all.deb
 2417b541f337fa2323573c360be97f575b9cec3a 14848 nova-scheduler_26.2.2-1~deb12u4_all.deb
 31c04aa7200bd46a5f2ca74b56ac0aa2dae6bebe 23056 nova_26.2.2-1~deb12u4_all-buildd.buildinfo
 8e3c01a195e04a35d2a86e1395d54b17e3749005 3014000 python3-nova_26.2.2-1~deb12u4_all.deb
Checksums-Sha256:
 d930757413367b9e3b48f1517cd40ad13338f5c081f465db06c30b8671d02550 29776 nova-api_26.2.2-1~deb12u4_all.deb
 51e90b404eaeb07f846c59d093b82009ed160d0f329f962405e552175b411ff8 129480 nova-common_26.2.2-1~deb12u4_all.deb
 6be237f4ea788585a523568c70d3f9e9dcf73da20c3fe6ecb42d9697ee1d20c0 9196 nova-compute-ironic_26.2.2-1~deb12u4_all.deb
 ec3b30c0e0c658d3fb88dbf4c2fe7431571f5b97fdd7a4da62c265fe9ffa6b21 9424 nova-compute-kvm_26.2.2-1~deb12u4_all.deb
 4a6c8d168e200aee6f7c55fbdbee614746bca0a0f721dbffc03d853ec1a9cb2e 9260 nova-compute-lxc_26.2.2-1~deb12u4_all.deb
 40ba275d8746fdba7e8eb402b42915395a50eb0b73242144e1496560c9503178 9304 nova-compute-qemu_26.2.2-1~deb12u4_all.deb
 7ac2c68404a83d442b11f242e668db306243429a0e8fa490405ae61558bf3cf6 15508 nova-compute_26.2.2-1~deb12u4_all.deb
 f2c9e281e7131d66854e82297a555be7080cb49f08234db598658d62bc478bf7 14828 nova-conductor_26.2.2-1~deb12u4_all.deb
 1cb4184a63e9ff786fd2f4370e5d6fc72c8c17488058e06b943ec5ee845011f6 20092 nova-consoleproxy_26.2.2-1~deb12u4_all.deb
 226db4cf604df03f2e885297c17a58e0c0b5abdb55d25eec065eba1fd10b5552 2881452 nova-doc_26.2.2-1~deb12u4_all.deb
 a894fb98889ac7aaa201275cdec6059eb6456e210ae7cda908ff09ae98846a00 14848 nova-scheduler_26.2.2-1~deb12u4_all.deb
 23618894fa47cd74f2305181c04c511a10475927947dea0bd93ed97a7eb95eb5 23056 nova_26.2.2-1~deb12u4_all-buildd.buildinfo
 dd8d4addeb4e5e1548f5009a0dc98121bab22dab486f3209699059aab67f4ee8 3014000 python3-nova_26.2.2-1~deb12u4_all.deb
Files:
 50667b7271c35d86b54fcd9fdc3103d1 29776 net optional nova-api_26.2.2-1~deb12u4_all.deb
 eae7871366c828457ec644ac5ab9031d 129480 net optional nova-common_26.2.2-1~deb12u4_all.deb
 ec0bce3c52846e5771b04fb6b8088dc9 9196 net optional nova-compute-ironic_26.2.2-1~deb12u4_all.deb
 af49b2c7e3b2f3f98e9a34ba08d66123 9424 net optional nova-compute-kvm_26.2.2-1~deb12u4_all.deb
 4cc35af36c513de486d96f522bec3e89 9260 net optional nova-compute-lxc_26.2.2-1~deb12u4_all.deb
 a972e6ce49a91ca296fb70a0b8662607 9304 net optional nova-compute-qemu_26.2.2-1~deb12u4_all.deb
 1f493d6c5ab415376aef9877bc8c462c 15508 net optional nova-compute_26.2.2-1~deb12u4_all.deb
 dec5a6f781e9938222f0838b4fca0f60 14828 net optional nova-conductor_26.2.2-1~deb12u4_all.deb
 d75d9c5b5fd520a7056fb4beb0e91f8f 20092 net optional nova-consoleproxy_26.2.2-1~deb12u4_all.deb
 833905e5710981947014f9603b965e98 2881452 doc optional nova-doc_26.2.2-1~deb12u4_all.deb
 95fe37dbd5dc03e08f596b590f5d3663 14848 net optional nova-scheduler_26.2.2-1~deb12u4_all.deb
 fc2503e57f7b73dc130183cd0f9e216f 23056 net optional nova_26.2.2-1~deb12u4_all-buildd.buildinfo
 ee7357f637ccaedbe0978175ea1d05f9 3014000 python optional python3-nova_26.2.2-1~deb12u4_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEj4Fym5GgeZdPqKhrJm69HxMTN+oFAmmW2dgACgkQJm69HxMT
N+qy2xAAk0rfipyZlLCvsZEMpm7jV9cKoHBYYtnvvdiTWwxliLvEXnIJNy6Piekp
MiSKhDCFYiZ8/sG6IIH7u7hcvQ0z5SQ+qXpE0G/kgW2A6gkoM03+B2sn65Aj0URo
SCtN+Gh427tBgwz1qMAWU8OWb9CisVCGiJtrQ2w3efG8iY88zwnLWDbGfDR0U0dt
AxcDXPZtwwH1u3czhHAtE8YWbO3pfvkM2BNUbxO2RE5GNURPv1+G4axMOjl8n6Rd
1FxuGseJGWp8oUp1u5CUIEbEpa1XWaXkq/WjBSiVxoz3VEWLJznsbmVutU5eWUGZ
jqvZQRJ4DLnpBlIgtA2gbwg6UuQECGvJbBeK4CQvp1RRXpAFoKJOEOGYGXb8i4sG
ipmlmJiCFDLGirJZAGqhcRNGyQtzyfh3BqKKyiBZK6JH72t8Jx8JqOHZwKzPTbNB
r91siQZcROE6s4Li4iHzbRVK5naUdufsMQRXHv1Jhq3M4dEpY8UG1FyzuHO6BUpH
r/uTl9o48SZXfbDU0Bp8AK291WvSk8UUxz3CSurSfSC+X0Tlscr6naJd80Nry4iI
0xXHMEEvL8uCQCuI8k8Kmbl4K7blRQL19CSSJklGr4QQ25GboubmWz6DwnUcxBbS
6WgBkVfXlGreo+nBuwqx1/TBx+NaUXTdNGibjD23DE5Utj6gpnE=
=VOsm
-----END PGP SIGNATURE-----