The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3873 advisory. – ————————————————————————- Debian LTS Advisory DLA-3873-1 [email protected] https://www.debian.org/lts/security/ Thomas Goirand September 05, 2024 https://wiki.debian.org/LTS – ————————————————————————- Package : nova Version : 2:22.4.0-1~deb11u5 CVE ID : CVE-2024-32498 CVE-2024-40767 Debian Bug : 1074762 Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. Arnaud Morin later discovered that the initial fix was not sufficient, and that nova was still vulnerable with some VM images types. For Debian 11 bullseye, these problems have been fixed in version 2:22.4.0-1~deb11u5. We recommend that you upgrade your nova packages. For the detailed security status of nova please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nova Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Tenable has extracted the…Read More
References
Back to Main