[PATCH] NEWS: mention CVE-2020-25637 in v6.8.0 release notes

Mauro Matteo Cascella mcascell at redhat.com
Fri Oct 2 11:09:35 UTC 2020


---
 NEWS.rst | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/NEWS.rst b/NEWS.rst
index de46cac8c5..f6074d9fe8 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -27,6 +27,14 @@ v6.9.0 (unreleased)
 v6.8.0 (2020-10-01)
 ===================
 
+* **Security**
+
+  * qemu: double free in qemuAgentGetInterfaces() in qemu_agent.c
+
+    Clients connecting to the read-write socket with limited ACL permissions
+    may be able to crash the libvirt daemon, resulting in a denial of service,
+    or potentially escalate their privileges on the system. CVE-2020-25637.
+
 * **New features**
 
   * xen: Add ``writeFiltering`` attribute for PCI devices
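Review bot: the new item under v6.8.0 ("qemu: double free in qemuAgentGetInterfaces() in qemu_agent.c") describes the flaw and its impact but does not say whether this release contains the fix, so a reader cannot tell from the entry alone whether v6.8.0 is the affected or the corrected version. Suggest wording the title as a fix and moving the identifier there, for example "qemu: fix double free in qemuAgentGetInterfaces() (CVE-2020-25637)", instead of leaving it as a trailing fragment after "on the system.". If the affected version range is known, naming it in the body would let readers decide whether they need to update.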
-- 
2.26.2



