Signed-off-by: Han Han <hhan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
v10.2.0 (2024-04-02)
====================
+* **Security**
+
+ * ``CVE-2024-2494``: remote: check for negative array lengths before allocation
+
+ Fix the flaw of the RPC library APIs of libvirt. The RPC server
+ de-serialization code allocates memory for arrays before the non-negative
+ length check is performed by the C API entry points. Passing a negative length
+ to the g_new0 function results in a crash due to the negative length being
+ treated as a huge positive number. A local unprivileged user could use this
+ flaw to perform a denial of service attack by causing the libvirt daemon to
+ crash.
+
* **New features**
* ch: Basic save and restore support for ch driver
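Review bot: The heading "remote: check for negative array lengths before allocation" and the body's "A local unprivileged user could use this flaw" pull in different directions for a NEWS reader: "remote:" reads like a subsystem prefix, but in a security entry it can be taken to mean the issue is remotely exploitable. Consider dropping the prefix or spelling it out (for example "RPC: check for negative array lengths before allocation"). The opening sentence "Fix the flaw of the RPC library APIs of libvirt." also does not say what changed and could be dropped, since the heading already states the fix. Finally, the body describes the flawed behaviour in the present tense ("allocates memory for arrays before the non-negative length check is performed") under the release that carries the fix; past tense would make it clear that this release no longer behaves that way.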