Add news item for sVirt CVE fix

[PATCH] Add news item for sVirt CVE fix

Daniel P. Berrangé posted 1 patch 2 years, 10 months ago

Download mbox

Test syntax-check failed

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20210701113908.1001086-1-berrange@redhat.com

NEWS.rst | 8 ++++++++
1 file changed, 8 insertions(+)

Expand all Fold all

[PATCH] Add news item for sVirt CVE fix

Posted by Daniel P. Berrangé 2 years, 10 months ago

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 NEWS.rst | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/NEWS.rst b/NEWS.rst
index 935b0d0aad..3297560941 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -11,6 +11,14 @@ For a more fine-grained view, use the `git log`_.
 v7.5.0 (unreleased)
 ===================
 
+* **Security fixes**
+
+  * svirt: fix MCS label generation (CVE-2021-3631)
+
+    A flaw in the way MCS labels were generated could result in a VM's
+    resource not being fully protected from access by another VM were
+    it to be compromised. https://gitlab.com/libvirt/libvirt/-/issues/153
+
 * **Removed features**
 
   * xen: Remove support for Xen < 4.9
-- 
2.31.1

Re: [PATCH] Add news item for sVirt CVE fix

Posted by Andrea Bolognani 2 years, 10 months ago

On Thu, Jul 01, 2021 at 12:39:08PM +0100, Daniel P. Berrangé wrote:
>  v7.5.0 (unreleased)
>  ===================
>
> +* **Security fixes**

Looking at old releases, this section is usually called just
"Security".

With that changed,

  Reviewed-by: Andrea Bolognani <abologna@redhat.com>

-- 
Andrea Bolognani / Red Hat / Virtualization