--- NEWS.rst | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index de46cac8c5..f6074d9fe8 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -27,6 +27,14 @@ v6.9.0 (unreleased) v6.8.0 (2020-10-01) =================== +* **Security** + + * qemu: double free in qemuAgentGetInterfaces() in qemu_agent.c + + Clients connecting to the read-write socket with limited ACL permissions + may be able to crash the libvirt daemon, resulting in a denial of service, + or potentially escalate their privileges on the system. CVE-2020-25637. + * **New features** * xen: Add ``writeFiltering`` attribute for PCI devices -- 2.26.2