Explore top 10 tips to secure your open-source projects now. Read More
×
Dan Smith discovered that nova, a cloud computing fabric controller, calls qemu-img without format restrictions for resize, which may result in unsafe image resize operations that could destroy data on the host system. Only compute nodes using the Flat image backend are affected. For Debian 11 bullseye, this problem has been fixed in version. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4486-1
Dan Smith discovered that nova, a cloud computing fabric controller, calls qemu-img without format restrictions for resize, which may result in unsafe image resize operations that could destroy data on the host system. Only compute nodes using the Flat image backend are affected. For the oldstable distribution (bookworm), this problem has been fixed. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6145-1
Nova could be made to destroy data.. ========================================================================== Ubuntu Security Notice USN-8049-1 February 17, 2026 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Nova could be made to destroy data. Software Description: - nova: OpenStack Compute cloud infrastructure Details: Dan Smith discovered that Nova incorrectly called qemu-img without a format restriction when resizing disks. An attacker could possibly use this issue to destroy data on the host system. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 nova-common 3:32.0.0-0ubuntu1.1 python3-nova 3:32.0.0-0ubuntu1.1 Ubuntu 24.04 LTS nova-common 3:29.2.0-0ubuntu1.3 python3-nova 3:29.2.0-0ubuntu1.3 Ubuntu 22.04 LTS nova-common 3:25.2.1-0ubuntu2.10 python3-nova 3:25.2.1-0ubuntu2.10 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8049-1 CVE-2026-24708 Package Information: https://launchpad.net/ubuntu/+source/nova/3:32.0.0-0ubuntu1.1 https://launchpad.net/ubuntu/+source/nova/3:29.2.0-0ubuntu1.3 https://launchpad.net/ubuntu/+source/nova/3:25.2.1-0ubuntu2.10 . Critical advisory for Ubuntu on Nova identifies a severe data destruction risk leading to potential data loss.. Ubuntu Nova Cloud Data Loss Security Critical. . Severity: Critical. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # nova-3.11.8-1.1 on GA media Announcement ID: openSUSE-SU-2025:15465-1 Rating: moderate Cross-References: * CVE-2025-47907 CVSS scores: * CVE-2025-47907 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N * CVE-2025-47907 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the nova-3.11.8-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * nova 3.11.8-1.1 * nova-bash-completion 3.11.8-1.1 * nova-fish-completion 3.11.8-1.1 * nova-zsh-completion 3.11.8-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-47907.html . openSUSE Leap 15.5 patches released addressing high-risk nova package flaws. Urgent updates for CVE-2025-47908 implemented.. openSUSE Tumbleweed, moderate updates, nova package, CVE-2025-47907. . LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # nova-3.11.4-1.1 on GA media Announcement ID: openSUSE-SU-2025:15251-1 Rating: moderate Cross-References: * CVE-2025-22874 CVSS scores: * CVE-2025-22874 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-22874 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the nova-3.11.4-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * nova 3.11.4-1.1 * nova-bash-completion 3.11.4-1.1 * nova-fish-completion 3.11.4-1.1 * nova-zsh-completion 3.11.4-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-22874.html . The latest Fedora Rawhide release brings a significant kernel upgrade that improves performance and stability for users.. openSUSE Tumbleweed,nova updates,linux security fixes. . LinuxSecurity.com Team
Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3873-1
Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5756-1
Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5755-1
Get the latest Linux and open source security news straight to your inbox.