git.proxmox.com Git - pve-qemu.git/commit
backport fix for CVE-2024-4467
author Fiona Ebner <f.ebner@proxmox.com>
Wed, 3 Jul 2024 11:03:49 +0000 (13:03 +0200)
committer Fiona Ebner <f.ebner@proxmox.com>
Wed, 3 Jul 2024 11:50:07 +0000 (13:50 +0200)
commit b242e7f196acf53ef57a4a51539e4800a6e53cb4
tree 03a6771bc12a3368d4a07efd32202b4e1f7a1c7c
parent c2abb73df7694f4b88eaccf72c0f735e323a3f61
backport fix for CVE-2024-4467

This prevents malicious qcow2 images from causing bad effects
when merely being queried via 'qemu-img info'.

For Proxmox VE, this is an additional safeguard, as currently it
directly creates and manages the qcow2 images used by VMs and does not
allow unprivileged users to import them.

Reference: https://access.redhat.com/security/cve/cve-2024-4467

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
debian/patches/extra/0019-qcow2-Don-t-open-data_file-with-BDRV_O_NO_IO.patch [new file with mode: 0644]
debian/patches/extra/0020-block-Parse-filenames-only-when-explicitly-requested.patch [new file with mode: 0644]
debian/patches/series