Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 31 articles for you...
197

Debian LTS 11 nova Important Resize Safety Issue DLA-4486-1 CVE-2026-24708

Dan Smith discovered that nova, a cloud computing fabric controller, calls qemu-img without format restrictions for resize, which may result in unsafe image resize operations that could destroy data on the host system. Only compute nodes using the Flat image backend are affected. For Debian 11 bullseye, this problem has been fixed in version. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4486-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Carlos Henrique Lima Melara February 20, 2026 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : nova Version : 2:22.4.0-1~deb11u7 CVE ID : CVE-2026-24708 Debian Bug : 1128294 Dan Smith discovered that nova, a cloud computing fabric controller, calls qemu-img without format restrictions for resize, which may result in unsafe image resize operations that could destroy data on the host system. Only compute nodes using the Flat image backend are affected. For Debian 11 bullseye, this problem has been fixed in version 2:22.4.0-1~deb11u7. We recommend that you upgrade your nova packages. For the detailed security status of nova please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/nova Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Discover an important security advisory for nova in Debian LTS 11, addressing unsafe image resizing operations that risk data integrity.. Debian LTS, nova, cloud controller security, resize operation safety, package upgrade. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 20, 2026 Important Debian LTS
87

Debian DSA-6145-1 Nova Image Resize Issue CVE-2026-24708

Dan Smith discovered that nova, a cloud computing fabric controller, calls qemu-img without format restrictions for resize, which may result in unsafe image resize operations that could destroy data on the host system. Only compute nodes using the Flat image backend are affected. For the oldstable distribution (bookworm), this problem has been fixed. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6145-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso February 19, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nova CVE ID : CVE-2026-24708 Debian Bug : 1128294 Dan Smith discovered that nova, a cloud computing fabric controller, calls qemu-img without format restrictions for resize, which may result in unsafe image resize operations that could destroy data on the host system. Only compute nodes using the Flat image backend are affected. For the oldstable distribution (bookworm), this problem has been fixed in version 2:26.2.2-1~deb12u4. For the stable distribution (trixie), this problem has been fixed in version 2:31.0.0-6+deb13u2. We recommend that you upgrade your nova packages. For the detailed security status of nova please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/nova Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Unsanctioned image resize in nova could lead to host data destruction. Upgrade recommended for Debian users to improve security.. cloud computing,nova security,debian advisory,data destruction. . Severity: Informational. LinuxSecurity.com Team

Calendar%202 Feb 19, 2026 Informational Debian
172

Ubuntu 25.10 Nova Critical Data Loss Risk CVE-2026-24708

Nova could be made to destroy data.. ========================================================================== Ubuntu Security Notice USN-8049-1 February 17, 2026 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Nova could be made to destroy data. Software Description: - nova: OpenStack Compute cloud infrastructure Details: Dan Smith discovered that Nova incorrectly called qemu-img without a format restriction when resizing disks. An attacker could possibly use this issue to destroy data on the host system. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 nova-common 3:32.0.0-0ubuntu1.1 python3-nova 3:32.0.0-0ubuntu1.1 Ubuntu 24.04 LTS nova-common 3:29.2.0-0ubuntu1.3 python3-nova 3:29.2.0-0ubuntu1.3 Ubuntu 22.04 LTS nova-common 3:25.2.1-0ubuntu2.10 python3-nova 3:25.2.1-0ubuntu2.10 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8049-1 CVE-2026-24708 Package Information: https://launchpad.net/ubuntu/+source/nova/3:32.0.0-0ubuntu1.1 https://launchpad.net/ubuntu/+source/nova/3:29.2.0-0ubuntu1.3 https://launchpad.net/ubuntu/+source/nova/3:25.2.1-0ubuntu2.10 . Critical advisory for Ubuntu on Nova identifies a severe data destruction risk leading to potential data loss.. Ubuntu Nova Cloud Data Loss Security Critical. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Feb 17, 2026 Critical Ubuntu
202

openSUSE Tumbleweed Nova Moderate CVE-2025-47907 Advisory 2025:15465-1

An update that solves one vulnerability can now be installed.. # nova-3.11.8-1.1 on GA media Announcement ID: openSUSE-SU-2025:15465-1 Rating: moderate Cross-References: * CVE-2025-47907 CVSS scores: * CVE-2025-47907 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N * CVE-2025-47907 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the nova-3.11.8-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * nova 3.11.8-1.1 * nova-bash-completion 3.11.8-1.1 * nova-fish-completion 3.11.8-1.1 * nova-zsh-completion 3.11.8-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-47907.html . openSUSE Leap 15.5 patches released addressing high-risk nova package flaws. Urgent updates for CVE-2025-47908 implemented.. openSUSE Tumbleweed, moderate updates, nova package, CVE-2025-47907. . LinuxSecurity.com Team

Calendar%202 Aug 20, 2025 OpenSUSE
202

openSUSE Tumbleweed: 2025:15251-1 moderate: nova security issue

An update that solves one vulnerability can now be installed.. # nova-3.11.4-1.1 on GA media Announcement ID: openSUSE-SU-2025:15251-1 Rating: moderate Cross-References: * CVE-2025-22874 CVSS scores: * CVE-2025-22874 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-22874 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the nova-3.11.4-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * nova 3.11.4-1.1 * nova-bash-completion 3.11.4-1.1 * nova-fish-completion 3.11.4-1.1 * nova-zsh-completion 3.11.4-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-22874.html . The latest Fedora Rawhide release brings a significant kernel upgrade that improves performance and stability for users.. openSUSE Tumbleweed,nova updates,linux security fixes. . LinuxSecurity.com Team

Calendar%202 Jul 05, 2025 OpenSUSE
197

Debian LTS: DLA-3873-1 Moderate: Nova Arbitrary File Disclosure

Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3873-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Thomas Goirand September 05, 2024 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : nova Version : 2:22.4.0-1~deb11u5 CVE ID : CVE-2024-32498 CVE-2024-40767 Debian Bug : 1074762 Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. Arnaud Morin later discovered that the initial fix was not sufficient, and that nova was still vulnerable with some VM images types. For Debian 11 bullseye, these problems have been fixed in version 2:22.4.0-1~deb11u5. We recommend that you upgrade your nova packages. For the detailed security status of nova please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/nova Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . The Ubuntu Security Notice USN-1234-1 concerns vulnerabilities in OpenStack impacting various modules.. Debian LTS, OpenStack Security, Nova Updates, Disk Image Vulnerability, Security Advisory DLA-3873-1. . LinuxSecurity.com Team

Calendar%202 Sep 04, 2024 Debian LTS
87

Debian Bookworm DSA-5756-1 Critical: Nova File Disclosure Risk

Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5756-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff August 21, 2024 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nova CVE ID : CVE-2024-32498 Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. For the stable distribution (bookworm), this problem has been fixed in version 2:26.2.2-1~deb12u3. We recommend that you upgrade your nova packages. For the detailed security status of nova please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/nova Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian DSA-5757-2 fixes a severe cinder flaw impacting OpenStack services. Upgrade immediately!. Debian Security, OpenStack Advisory, Nova Security Update, File Disclosure, QCOW2 Disk Images. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Aug 21, 2024 Critical Debian
87

Debian: DSA-5755-1 Moderate: Glance Arbitrary File Disclosure

Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5755-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff August 21, 2024 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : glance CVE ID : CVE-2024-32498 Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. For the stable distribution (bookworm), this problem has been fixed in version 2:25.1.0-2+deb12u1. We recommend that you upgrade your glance packages. For the detailed security status of glance please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/glance Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Defective QCOW2 disk images may reveal sensitive data; Ubuntu recommends urgent updates for glance software.. OpenStack Security, Debian Advisory, Glance Security, File Disclosure Risk. . LinuxSecurity.com Team

Calendar%202 Aug 21, 2024 Debian
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200