Dear Qubes Community, We have just published [Qubes Security Bulletin (QSB) 085: Xenstore: Guests can crash xenstored (XSA-414)](https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-085-2022.txt). The text of this QSB is reproduced below. This QSB and its accompanying signatures will always be available in the [Qubes Security Pack (qubes-secpack)](https://www.qubes-os.org/security/pack/). More information about QSBs, including a complete historical list, is available [here](https://www.qubes-os.org/security/qsb/).
``` ---===[ Qubes Security Bulletin 085 ]===--- 2022-11-01 Xenstore: Guests can crash xenstored (XSA-414) User action required --------------------- Users must install the following specific packages in order to address the issues discussed in this bulletin: For Qubes 4.1, in dom0: - Xen packages, version 4.14.5-12 These packages will migrate from the security-testing repository to the current (stable) repository over the next two weeks after being tested by the community. [1] Once available, the packages are to be installed via the Qubes Update tool or its command-line equivalents. [2] Dom0 must be restarted afterward in order for the updates to take effect. If you use Anti Evil Maid, you will need to reseal your secret passphrase to new PCR values, as PCR18+19 will change due to the new Xen binaries. Summary -------- On 2022-11-01, the Xen Project published XSA-414, "Xenstore: Guests can crash xenstored" [3]: | Due to a bug in the fix of XSA-115 a malicious guest can cause | xenstored to use a wrong pointer during node creation in an error | path, resulting in a crash of xenstored or a memory corruption in | xenstored causing further damage. | | Entering the error path can be controlled by the guest e.g. by | exceeding the quota value of maximum nodes per domain. Impact ------- The Xen Project's impact description also applies to Qubes OS: | A malicious guest can cause xenstored to crash, resulting in the | inability to create new guests or to change the configuration of | running guests. | | Memory corruption in xenstored or privilege escalation of a guest | can't be ruled out. (Note: In Qubes terminology, a Xen guest is referred to as a "qube.") Credits -------- See the original Xen Security Advisory. References ----------- [1] https://www.qubes-os.org/doc/testing/ [2] https://www.qubes-os.org/doc/how-to-update/ [3] https://xenbits.xen.org/xsa/advisory-414.html -- The Qubes Security Team https://www.qubes-os.org/security/ ``` This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2022/11/01/qsb-085/ -- You received this message because you are subscribed to the Google Groups "qubes-announce" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-announce+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-announce/053e6df0-4439-1cc0-33e2-2ddeb123c94d%40qubes-os.org.