1. Patchew
  2. Libvirt
  3. View series

[PATCH] NEWS: Add entries for libxl changes during 8.0.0 development

Jim Fehlig posted 1 patch 2 years, 3 months ago
Test syntax-check failed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20220103225942.12076-1-jfehlig@suse.com
NEWS.rst | 7 +++++++
1 file changed, 7 insertions(+)
[PATCH] NEWS: Add entries for libxl changes during 8.0.0 development
Posted by Jim Fehlig 2 years, 3 months ago 
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---
 NEWS.rst | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/NEWS.rst b/NEWS.rst
index e7d5316721..d819b6c226 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -13,6 +13,11 @@ v8.0.0 (unreleased)
 
 * **Security**
 
+  * libxl: Fix potential deadlock and crash (CVE-2021-4147)
+
+    A rouge guest could continuously reboot itself and cause libvirtd on the
+    host to deadlock or crash, resulting in a denial of service condition.
+
 * **Removed features**
 
   * qemu: Explicitly forbid live changing nodeset for strict numatune
@@ -44,6 +49,8 @@ v8.0.0 (unreleased)
 
 * **Improvements**
 
+  * libxl: Implement the virDomainGetMessages API
+
 * **Bug fixes**
 
 
-- 
2.34.1
Re: [PATCH] NEWS: Add entries for libxl changes during 8.0.0 development
Posted by Andrea Bolognani 2 years, 3 months ago 
On Mon, Jan 03, 2022 at 03:59:42PM -0700, Jim Fehlig wrote:
> +  * libxl: Fix potential deadlock and crash (CVE-2021-4147)
> +
> +    A rouge guest could continuously reboot itself and cause libvirtd on the

*rogue

although introducing a virDomainSetColor() or virDomainApplyMakeup()
API could be a fun idea for when April comes around ;)

With that fixed

  Reviewed-by: Andrea Bolognani <abologna@redhat.com>

-- 
Andrea Bolognani / Red Hat / Virtualization
Re: [PATCH] NEWS: Add entries for libxl changes during 8.0.0 development
Posted by Jim Fehlig 2 years, 3 months ago 
On 1/4/22 01:09, Andrea Bolognani wrote:
> On Mon, Jan 03, 2022 at 03:59:42PM -0700, Jim Fehlig wrote:
>> +  * libxl: Fix potential deadlock and crash (CVE-2021-4147)
>> +
>> +    A rouge guest could continuously reboot itself and cause libvirtd on the
> 
> *rogue
> 
> although introducing a virDomainSetColor() or virDomainApplyMakeup()
> API could be a fun idea for when April comes around ;)

Haha! My cheeks are rouge now :-).

> With that fixed
> 
>    Reviewed-by: Andrea Bolognani <abologna@redhat.com>

Thanks!
Jim

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.