mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2024-12-11 00:34:31 -05:00
7.9 KiB
7.9 KiB
layout | title | permalink | redirect_from | |||||
---|---|---|---|---|---|---|---|---|
security | Security Bulletins | /security/bulletins/ |
|
Qubes Security Bulletins
Qubes Security Bulletins are published through the Qubes Security Pack.
2010
- None
2011
- Qubes Security Bulletin #01 (Gui daemon bug, Intel VT-d escape on non-IR hardware)
2012
- Qubes Security Bulletin #02 (Intel SYSRET bug)
- Qubes Security Bulletin #03 (Xen hypervisor bugs: XSA 13, others with DoS potential)
- Qubes Security Bulletin #04 (Qubes firewall misconfiguration: ipv6 allowed)
- Qubes Security Bulletin #05 (Xen hypervisor bugs: XSA 29, others with DoS potential)
2013
- Qubes Security Bulletin #06 (Xen hypervisor bugs: XSA 50, others with DoS potential)
- Qubes Security Bulletin #07 (Xen hypervisor bugs: XSA 57 potential escalation, also XSA 52-54 with potential leaks)
- Qubes Security Bulletin #08 (Xen hypervisor bugs: XSA 45,58 potential DoS)
2014
- Qubes Security Bulletin #09 (Qubes qvm-open-in-[d]vm environment inter-VM leak)
- Qubes Security Bulletin #10 (Qubes pulseaudio & vchan bugs, Xen XSA 87)
- Qubes Security Bulletin #11 (Qubes clipboard inter-VM leak)
- Qubes Security Bulletin #12 (Memory leak in Xen hypervisor via RDMSR emulation bug (XSA 108))
2015
- Qubes Security Bulletin #13 (Qubes Clipboard Timing Attacks and Qubes Core Python API Inconsistency)
- Qubes Security Bulletin #14 (Race condition in Qubes Inter-VM File-Copy Mechanism)
- Qubes Security Bulletin #15 (Critical Xen Hypervisor Vulnerability (XSA 109))
- Qubes Security Bulletin #16 (Xen Hypervisor Information Leaks Vulnerabilities (XSA 121 & 122))
- Qubes Security Bulletin #17 (Xen DoS from malicious driver domains or devices (XSA 120 & 124))
- Qubes Security Bulletin #18 (Xen Hypervisor Instruction Emulation Bug (XSA 123))
- Qubes Security Bulletin #19 (Anti Evil Maid bypass through unusual LUKS header)
- Qubes Security Bulletin #20 (Fedora os-prober considered harmful)
- Qubes Security Bulletin #21 (Anti Evil Maid bypass through filesystem ID collision)
- Qubes Security Bulletin #22 (Critical Xen bug in PV memory virtualization code (XSA 148))
- Qubes Security Bulletin #23 (Race condition bugs in Xen code (XSA-155 and XSA-166), other Xen bugs)
2016
- Qubes Security Bulletin #24 (Critical Xen bug in PV memory virtualization code (XSA 182))
- Qubes Security Bulletin #25 (Xen bug in event channel handling code (XSA 188))
- Qubes Security Bulletin #26 (Colored window border handling bug in Qubes GUI daemon)
- Qubes Security Bulletin #27 (Xen 64-bit bit test instruction emulation broken (XSA 195))
- Qubes Security Bulletin #28 (Debian update mechanism vulnerability)
2017
- Qubes Security Bulletin #29 (Critical Xen bug in PV memory virtualization code (XSA-212))
- Qubes Security Bulletin #30 (Critical Xen bugs related to PV memory virtualization (XSA-213, XSA-214))
- Qubes Security Bulletin #31 (Xen hypervisor vulnerabilities with unresearched impact (XSA 216-224))
- Qubes Security Bulletin #32 (Xen hypervisor and Linux kernel vulnerabilities (XSA-226 through XSA-230))
- Qubes Security Bulletin #33 (Xen hypervisor (XSA-231 through XSA-234))
- Qubes Security Bulletin #34 (GUI issue and Xen vulnerabilities (XSA-237 through XSA-244))
- Qubes Security Bulletin #35 (Xen hypervisor issue related to grant tables (XSA-236))
- Qubes Security Bulletin #36 (Xen hypervisor issue in populate-on-demand code (XSA-247))
2018
- Qubes Security Bulletin #37 (Information leaks due to processor speculative execution bugs)
- Qubes Security Bulletin #38 (Qrexec policy bypass and possible information leak)
- Qubes Security Bulletin #39 (Xen vulnerability (XSA-260) and GUI daemon issue)
- Qubes Security Bulletin #40 (Information leaks due to processor speculative store bypass (XSA-263))
- Qubes Security Bulletin #41 (Speculative register leakage from lazy FPU context switching (XSA-267))
- Qubes Security Bulletin #42 (Linux netback driver OOB access in hash handling (XSA-270))
- Qubes Security Bulletin #43 (L1 Terminal Fault speculative side channel (XSA-273))
- Qubes Security Bulletin #44 (Multiple Xen vulnerabilities (XSA-275, XSA-280))
- Qubes Security Bulletin #45 (Insecure default Salt configuration)