------------------------------------------------------------------------- Debian LTS Advisory DLA-4486-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Carlos Henrique Lima Melara February 20, 2026 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : nova Version : 2:22.4.0-1~deb11u7 CVE ID : CVE-2026-24708 Debian Bug : 1128294 Dan Smith discovered that nova, a cloud computing fabric controller, calls qemu-img without format restrictions for resize, which may result in unsafe image resize operations that could destroy data on the host system. Only compute nodes using the Flat image backend are affected. For Debian 11 bullseye, this problem has been fixed in version 2:22.4.0-1~deb11u7. We recommend that you upgrade your nova packages. For the detailed security status of nova please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nova Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature