qubes-doc/SecurityBulletins.md

layout	title	permalink	redirect_from
doc	SecurityBulletins	/doc/SecurityBulletins/	/wiki/SecurityBulletins/

Qubes Security Bulletins

Qubes Security Bulletins are published through the Qubes Security Pack.

2010

• None

2011

• Qubes Security Bulletin #01 (Gui daemon bug, Intel VT-d escape on non-IR hardware)

2012

• Qubes Security Bulletin #02 (Intel SYSRET bug)
• Qubes Security Bulletin #03 (Xen hypervisor bugs: XSA 13, others with DoS potential)
• Qubes Security Bulletin #04 (Qubes firewall misconfiguration: ipv6 allowed)
• Qubes Security Bulletin #05 (Xen hypervisor bugs: XSA 29, others with DoS potential)

2013

• Qubes Security Bulletin #06 (Xen hypervisor bugs: XSA 50, others with DoS potential)
• Qubes Security Bulletin #07 (Xen hypervisor bugs: XSA 57 potential escalation, also XSA 52-54 with potential leaks)
• Qubes Security Bulletin #08 (Xen hypervisor bugs: XSA 45,58 potential DoS)

2014

• Qubes Security Bulletin #09 (Qubes qvm-open-in-[d]vm environment inter-VM leak)
• Qubes Security Bulletin #10 (Qubes pulseaudio & vchan bugs, Xen XSA 87)
• Qubes Security Bulletin #11 (Qubes clipboard inter-VM leak)
• Qubes Security Bulletin #12 (Memory leak in Xen hypervisor via RDMSR emulation bug (XSA 108))

2015

• Qubes Security Bulletin #13 (Qubes Clipboard Timing Attacks and Qubes Core Python API Inconsistency)
• Qubes Security Bulletin #14 (Race condition in Qubes Inter-VM File-Copy Mechanism)
• Qubes Security Bulletin #15 (Critical Xen Hypervisor Vulnerability (XSA 109))