Dan Smith discovered that nova, a cloud computing fabric controller, calls qemu-img without format restrictions for resize, which may result in unsafe image resize operations that could destroy data on the host system. Only compute nodes using the Flat image backend are affected.
https://security-tracker.debian.org/tracker/DSA-6145-1
Continue reading...
https://security-tracker.debian.org/tracker/DSA-6145-1
Continue reading...

