From nobody Sun May 19 20:29:55 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) client-ip=216.205.24.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1625140088; cv=none; d=zohomail.com; s=zohoarc; b=XMWCpFSAP+G8H6B9zhQs31/ce6UdZJC5Wzz4IIXJzKv2XfLvnbZjGRBNql1F4JeAbW3cpWZGIAnxrQlRsE+3sAvmfDGGYOqVHCCyNDldwj6o/F89EsCzgT9sUp+q90o9T5Gy/8b5gdR/FoVnzyMCEE2+D4fSeJG+zdDXDlltelY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1625140088; h=Content-Type:Content-Transfer-Encoding:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To; bh=MiM9a4U1LWjKKIHuQQEFdVdEMe8l3+yqUEg66VFAVEY=; b=NlO5H1J4nR0tB8T7/Z0ni4PGi8YnHXbhMBGt1dIj718Poop2qnAHxtafusPt1NqYq5ghug5eGI4xtL79JEieO2FnprkJbUiUJ1I5yIKy9ZhN+bpBW1C/h7mBSNMtOyBklsM1EmP9MuBknjzLDvYMK7cc+z/gbr0gA5zhNVnUtZM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com with SMTPS id 1625140088244480.7487001875429; Thu, 1 Jul 2021 04:48:08 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-349-Ml53NofoNNO_ZuLYe1euNw-1; Thu, 01 Jul 2021 07:48:05 -0400 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id BC3068CC6AF; Thu, 1 Jul 2021 11:47:57 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id AC16E60C13; Thu, 1 Jul 2021 11:47:55 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 4F6CB1809CAC; Thu, 1 Jul 2021 11:47:51 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 161BdERU019738 for ; Thu, 1 Jul 2021 07:39:14 -0400 Received: by smtp.corp.redhat.com (Postfix) id 7F9BA5DA61; Thu, 1 Jul 2021 11:39:14 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-114-178.ams2.redhat.com [10.36.114.178]) by smtp.corp.redhat.com (Postfix) with ESMTP id B57B65DA60; Thu, 1 Jul 2021 11:39:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1625140087; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=MiM9a4U1LWjKKIHuQQEFdVdEMe8l3+yqUEg66VFAVEY=; b=U4gMKrYQy+jd0NxXwpPqy9Noho3p/yR7+u/9CeyR+7akdZ15WQ18p6Jbayxfk5ALJ2ND2m mfBAEvUpT3jwkUJUxsaspQSwdo8Lk2pHqwLFz7o9p9gtzzYwxASFg05KwyoZf+mnS5QfoR F+C0ZclUzHk9EBs+7Ib/VF6n+1zUCik= X-MC-Unique: Ml53NofoNNO_ZuLYe1euNw-1 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Subject: [PATCH] Add news item for sVirt CVE fix Date: Thu, 1 Jul 2021 12:39:08 +0100 Message-Id: <20210701113908.1001086-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Signed-off-by: Daniel P. Berrang=C3=A9 --- NEWS.rst | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index 935b0d0aad..3297560941 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -11,6 +11,14 @@ For a more fine-grained view, use the `git log`_. v7.5.0 (unreleased) =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 +* **Security fixes** + + * svirt: fix MCS label generation (CVE-2021-3631) + + A flaw in the way MCS labels were generated could result in a VM's + resource not being fully protected from access by another VM were + it to be compromised. https://gitlab.com/libvirt/libvirt/-/issues/153 + * **Removed features** =20 * xen: Remove support for Xen < 4.9 --=20 2.31.1