From 5ca7daf3977f294123435d886bc24de9127e29c0 Mon Sep 17 00:00:00 2001 From: Han Han Date: Fri, 25 Oct 2024 12:57:25 +0800 Subject: [PATCH] NEWS: Add the news for CVE-2024-2494 Signed-off-by: Han Han Reviewed-by: Michal Privoznik --- NEWS.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index 3b31c2b14b..f85244bbfb 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -491,6 +491,18 @@ v10.3.0 (2024-05-02) v10.2.0 (2024-04-02) ==================== +* **Security** + + * ``CVE-2024-2494``: remote: check for negative array lengths before allocation + + Fix the flaw of the RPC library APIs of libvirt. The RPC server + de-serialization code allocates memory for arrays before the non-negative + length check is performed by the C API entry points. Passing a negative length + to the g_new0 function results in a crash due to the negative length being + treated as a huge positive number. A local unprivileged user could use this + flaw to perform a denial of service attack by causing the libvirt daemon to + crash. + * **New features** * ch: Basic save and restore support for ch driver
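Review bot: The first sentence of the new entry body, "Fix the flaw of the RPC library APIs of libvirt", is awkward and does not say what the fix changes. Something like "Fix a flaw in the libvirt RPC library: array lengths are now checked for negative values before memory is allocated" would match the entry's title line and put the remedy ahead of the description of the crash. Separately, the entry is added under the v10.2.0 (2024-04-02) heading while the commit is dated 25 Oct 2024 and the commit message has only a subject line. A short body confirming that v10.2.0 is the release that carried the fix, and that the NEWS entry is being added after the fact, would help anyone reading the history.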