2012-06-12 05:01:41 -04:00
---
2017-03-18 22:31:12 -04:00
layout: security
2015-10-13 23:31:03 -04:00
title: Security Bulletins
2017-03-18 22:31:12 -04:00
permalink: /security/bulletins/
2015-07-17 18:46:04 -04:00
redirect_from:
2017-03-18 22:31:12 -04:00
- /doc/security-bulletins/
2015-10-28 18:14:40 -04:00
- /en/doc/security-bulletins/
2015-10-11 03:04:59 -04:00
- /doc/SecurityBulletins/
2015-07-17 18:46:04 -04:00
- /wiki/SecurityBulletins/
- /trac/wiki/SecurityBulletins/
2012-06-12 05:01:41 -04:00
---
Qubes Security Bulletins
========================
2017-03-18 22:31:12 -04:00
Qubes Security Bulletins are published through the [Qubes Security Pack ](/security/pack/ ).
2015-01-14 07:24:23 -05:00
2012-06-12 05:01:41 -04:00
2010
----
2012-06-15 06:36:15 -04:00
- None
2012-06-12 05:01:41 -04:00
2011
----
2015-05-08 09:17:21 -04:00
- [Qubes Security Bulletin \#01 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-001-2011.txt ) (Gui daemon bug, Intel VT-d escape on non-IR hardware)
2012-06-12 05:01:41 -04:00
2012
----
2012-06-12 08:19:24 -04:00
2015-05-08 09:17:21 -04:00
- [Qubes Security Bulletin \#02 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-002-2012.txt ) (Intel SYSRET bug)
- [Qubes Security Bulletin \#03 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-003-2012.txt ) (Xen hypervisor bugs: XSA 13, others with DoS potential)
- [Qubes Security Bulletin \#04 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-004-2012.txt ) (Qubes firewall misconfiguration: ipv6 allowed)
- [Qubes Security Bulletin \#05 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-005-2012.txt ) (Xen hypervisor bugs: XSA 29, others with DoS potential)
2012-06-12 08:19:24 -04:00
2013-05-07 04:13:50 -04:00
2013
----
2015-05-08 09:17:21 -04:00
- [Qubes Security Bulletin \#06 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-006-2013.txt ) (Xen hypervisor bugs: XSA 50, others with DoS potential)
- [Qubes Security Bulletin \#07 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-007-2013.txt ) (Xen hypervisor bugs: XSA 57 potential escalation, also XSA 52-54 with potential leaks)
- [Qubes Security Bulletin \#08 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-008-2013.txt ) (Xen hypervisor bugs: XSA 45,58 potential DoS)
2013-05-07 04:13:50 -04:00
2014-01-09 12:19:34 -05:00
2014
----
2015-05-08 09:17:21 -04:00
- [Qubes Security Bulletin \#09 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-009-2014.txt ) (Qubes qvm-open-in-[d]vm environment inter-VM leak)
- [Qubes Security Bulletin \#10 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-010-2014.txt ) (Qubes pulseaudio & vchan bugs, Xen XSA 87)
- [Qubes Security Bulletin \#11 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-011-2014.txt ) (Qubes clipboard inter-VM leak)
- [Qubes Security Bulletin \#12 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-012-2014.txt ) (Memory leak in Xen hypervisor via RDMSR emulation bug (XSA 108))
2015-01-14 07:30:07 -05:00
2015
----
2015-05-08 09:17:21 -04:00
- [Qubes Security Bulletin \#13 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-013-2015.txt ) (Qubes Clipboard Timing Attacks and Qubes Core Python API Inconsistency)
- [Qubes Security Bulletin \#14 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-014-2015.txt ) (Race condition in Qubes Inter-VM File-Copy Mechanism)
- [Qubes Security Bulletin \#15 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-015-2015.txt ) (Critical Xen Hypervisor Vulnerability (XSA 109))
2015-10-30 01:51:23 -04:00
- [Qubes Security Bulletin \#16 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-016-2015.txt ) (Xen Hypervisor Information Leaks Vulnerabilities (XSA 121 & 122))
- [Qubes Security Bulletin \#17 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-017-2015.txt ) (Xen DoS from malicious driver domains or devices (XSA 120 & 124))
- [Qubes Security Bulletin \#18 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-018-2015.txt ) (Xen Hypervisor Instruction Emulation Bug (XSA 123))
- [Qubes Security Bulletin \#19 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-019-2015.txt ) (Anti Evil Maid bypass through unusual LUKS header)
- [Qubes Security Bulletin \#20 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-020-2015.txt ) (Fedora os-prober considered harmful)
- [Qubes Security Bulletin \#21 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-021-2015.txt ) (Anti Evil Maid bypass through filesystem ID collision)
- [Qubes Security Bulletin \#22 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-022-2015.txt ) (Critical Xen bug in PV memory virtualization code (XSA 148))
2016-01-04 23:18:05 -05:00
- [Qubes Security Bulletin \#23 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-023-2015.txt ) (Race condition bugs in Xen code (XSA-155 and XSA-166), other Xen bugs)
2014-01-09 12:19:34 -05:00
2016-07-27 16:49:58 -04:00
2016
----
- [Qubes Security Bulletin \#24 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-024-2016.txt ) (Critical Xen bug in PV memory virtualization code (XSA 182))
2016-09-17 17:00:55 -04:00
- [Qubes Security Bulletin \#25 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-025-2016.txt ) (Xen bug in event channel handling code (XSA 188))
2016-09-21 13:56:55 -04:00
- [Qubes Security Bulletin \#26 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-026-2016.txt ) (Colored window border handling bug in Qubes GUI daemon)
2016-11-22 09:00:21 -05:00
- [Qubes Security Bulletin \#27 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-027-2016.txt ) (Xen 64-bit bit test instruction emulation broken (XSA 195))
2016-12-20 06:04:53 -05:00
- [Qubes Security Bulletin \#28 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-028-2016.txt ) (Debian update mechanism vulnerability)
2016-07-27 16:49:58 -04:00
2017-04-04 09:29:57 -04:00
2017
----
- [Qubes Security Bulletin \#29 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-029-2017.txt ) (Critical Xen bug in PV memory virtualization code (XSA-212))
2017-05-02 08:26:45 -04:00
- [Qubes Security Bulletin \#30 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-030-2017.txt ) (Critical Xen bugs related to PV memory virtualization (XSA-213, XSA-214))
2017-06-20 10:00:57 -04:00
- [Qubes Security Bulletin \#31 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-031-2017.txt ) (Xen hypervisor vulnerabilities with unresearched impact (XSA 216-224))
2017-08-15 09:27:34 -04:00
- [Qubes Security Bulletin \#32 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-032-2017.txt ) (Xen hypervisor and Linux kernel vulnerabilities (XSA-226 through XSA-230))
2017-09-12 10:18:51 -04:00
- [Qubes Security Bulletin \#33 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-033-2017.txt ) (Xen hypervisor (XSA-231 through XSA-234))
2017-10-12 09:57:54 -04:00
- [Qubes Security Bulletin \#34 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-034-2017.txt ) (GUI issue and Xen vulnerabilities (XSA-237 through XSA-244))
2017-11-28 10:24:41 -05:00
- [Qubes Security Bulletin \#35 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-035-2017.txt ) (Xen hypervisor issue related to grant tables (XSA-236))
- [Qubes Security Bulletin \#36 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-036-2017.txt ) (Xen hypervisor issue in populate-on-demand code (XSA-247))
2018-01-11 09:58:19 -05:00
2018
----
2018-01-11 09:41:56 -05:00
- [Qubes Security Bulletin \#37 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-037-2018.txt ) (Information leaks due to processor speculative execution bugs)
2018-02-19 22:35:03 -05:00
- [Qubes Security Bulletin \#38 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-038-2018.txt ) (Qrexec policy bypass and possible information leak)
2018-05-08 21:06:59 -04:00
- [Qubes Security Bulletin \#39 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-039-2018.txt ) (Xen vulnerability (XSA-260) and GUI daemon issue)
2018-05-23 22:33:57 -04:00
- [Qubes Security Bulletin \#40 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-040-2018.txt ) (Information leaks due to processor speculative store bypass (XSA-263))
2018-06-13 23:37:13 -04:00
- [Qubes Security Bulletin \#41 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-041-2018.txt ) (Speculative register leakage from lazy FPU context switching (XSA-267))
2018-08-12 17:34:53 -04:00
- [Qubes Security Bulletin \#42 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-042-2018.txt ) (Linux netback driver OOB access in hash handling (XSA-270))
2018-09-01 23:06:16 -04:00
- [Qubes Security Bulletin \#43 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-043-2018.txt ) (L1 Terminal Fault speculative side channel (XSA-273))
2018-11-20 21:50:27 -05:00
- [Qubes Security Bulletin \#44 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-044-2018.txt ) (Multiple Xen vulnerabilities (XSA-275, XSA-280))
2018-12-03 20:14:10 -05:00
- [Qubes Security Bulletin \#45 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-045-2018.txt ) (Insecure default Salt configuration)
2017-04-04 09:29:57 -04:00
2019-01-23 12:10:42 -05:00
2019
----
- [Qubes Security Bulletin \#46 ](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-046-2019.txt ) (APT update mechanism vulnerability)