-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Dear Qubes Community,

Fixed packages are now available for Qubes Security Bulletin (QSB) #050: Reinstalling a TemplateVM does not reset the private volume. Instructions for installing the new packages are included in the latest version of QSB #050, which is reproduced below.

View QSB #050 in the qubes-secpack:

https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-050-2019.txt

Learn about the qubes-secpack, including how to obtain, verify, and read it:

https://www.qubes-os.org/security/pack/

View all past QSBs:

https://www.qubes-os.org/security/bulletins/

```
             ---===[ Qubes Security Bulletin #50 ]===---

                             2019-08-01

      Reinstalling a TemplateVM does not reset the private volume

History
========

2019-08-01: Added list of fixed packages and patching instructions
2019-07-24: Initial version

Description
============

In Qubes OS, we have the ability to reinstall a TemplateVM by running
`qubes-dom0-update --action=reinstall qubes-template-...` in dom0. [1]
This is supposed to reset the corresponding TemplateVM to the state of
the published package, i.e., no local changes should remain.

One uncommon reason to perform such a reinstallation is that you
suspect that a TemplateVM may be compromised. In such cases, it is very
important that no local changes persist in order to ensure that the
TemplateVM is no longer compromised.

Due to a regression in R4.0 [2], however, reinstalling a TemplateVM
using qubes-dom0-update does not completely reset all local changes to
that TemplateVM. Although the tool itself and our documentation claim
that the private volume of the TemplateVM is reset during
reinstallation, the private volume does not actually get reset. This
could allow a TemplateVM to remain compromised across a reinstallation
of that TemplateVM using qubes-dom0-update.

Patching
=========

The specific packages that resolve the problems discussed in this
bulletin are as follows:

  For Qubes 4.0:
  - qubes-core-admin-client, python3-qubesadmin version 4.0.26

The packages are to be installed in dom0 via the Qubes VM Manager or
via the qubes-dom0-update command as follows:

  For updates from the stable repository (not immediately available):
  $ sudo qubes-dom0-update

  For updates from the security-testing repository:
  $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing

These packages will migrate from the security-testing repository to the
current (stable) repository over the next two weeks after being tested
by the community.

Workaround
===========

Independently of patching (see above), the following workaround is
available:

Rather than using the qubes-dom0-update method of reinstalling a
TemplateVM, you can instead manually remove the TemplateVM, then
install it again. Detailed instructions for this manual method are
documented here:

https://www.qubes-os.org/doc/reinstall-template/#manual-method

Credits
========

Thank you to Andrey Bienkowski <[email protected]> for discovering and
reporting this issue.

References
===========

[1] https://www.qubes-os.org/doc/reinstall-template/
[2] https://github.com/QubesOS/qubes-core-admin-linux/commit/552fd062ea2bb6c2d05faa1e64e172503cacbdbf#diff-6b87ee5cdb9e63b703415a14e5a505cdL192

--
The Qubes Security Team
https://www.qubes-os.org/security/
```

This announcement has also been updated on the Qubes website:

https://www.qubes-os.org/news/2019/07/24/qsb-050/

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl1DlG8ACgkQ203TvDlQ
MDCW3A//QM/K/q/AKQHGrKowA3fhPIkoDs8zhdZ1R/h2SFOkSrloTcyolvg3cnPj
OeUqSis+wroxPFJ8wQb6BSJjEqi9rp9FbYsmcv3sGm3kAdcdliNC4PalMtzEGQUT
1P2bC+9dz0Pegzsq+zjDXVX6d2ZoA+iyAzYkBy6f6q2fPLtmhx3dtjMe0lIS2+OH
fPTdYT7c3wRkWyA5VbFdSLFeNhlno9r+B1ppxqt5I3D0tTXy9+vgaueEr6TmhOov
Q1I5/iG8cUVZqOwBWg4PmixBnyipaDYTxPIcVuBJWwW2I3X4f3P6hmeKCY1HS2c3
mWor3+ygj9JJ4FYPwS73W0Y5e1Wsu+H7AovWfCrEwe2OLupdrHdllfCkv3aEV7HM
0typI2+6h5nH9de5KG+Mkysv+iCqmt1SjCUs/+cGoTiUnhRwAWMwIUQIhzRdIoDo
nZpb04IxOyPkk3bPsv6Q5kSZQrcvCfYvPwGexLJCclcWG37+ZOLlB74ohhhViAgI
MDAXqljdHUOZssA7u+BC814ndrQ2m/kAYiFKwt45y+qqVfHusdWXk24Tx45ohFmC
hGA8uCrutQKdKJjJjibBkQcbs9eL9VnhKuH1gdq70k5fB+CcpqsTo85sL2PIe84r
qYjHuQMD5KC7otTfw9YT3Gehul+YOLuTJDQHd3/y2opCoEaoJCI=
=yaT3
-----END PGP SIGNATURE-----

To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/83cf9e9c-c925-9ec0-b61e-cad9eff917ab%40qubes-os.org.
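The bulletin describes two things a dom0 administrator wants to confirm: that the fixed qubes-core-admin-client (4.0.26 or later) is actually installed, and that a reinstall really does discard the template's private volume (mounted at /rw inside the template on R4.0). The script below is an added example written for this page; it is not part of the QSB or of the Qubes project's tooling. It plants a canary file in the private volume before a reinstall and checks whether the file survives afterwards, which is exactly the condition the regression produces. The template name `fedora-30`, the canary path and the `QVM_RUN` override are assumptions chosen for illustration; `qvm-run`, `rpm` and `qubes-dom0-update --action=reinstall` are the real dom0 commands the bulletin and its references refer to.

```shell
#!/bin/sh
# Added example for Qubes 4.0 dom0, not part of QSB-050. Checks (1) that the
# fixed package version is installed and (2) whether a TemplateVM reinstall
# actually resets the private volume, using a canary file under /rw.
# Assumed/placeholder values: TEMPLATE, CANARY, and the QVM_RUN override.

TEMPLATE="${TEMPLATE:-fedora-30}"          # placeholder template name
CANARY_DIR="/rw/config"                    # lives on the template's private volume
CANARY="$CANARY_DIR/qsb050-canary"         # placeholder canary path
MIN_VERSION="4.0.26"                       # fixed version named in the bulletin
QVM_RUN="${QVM_RUN:-qvm-run}"              # overridable so the logic can be exercised off-box

# version_ge INSTALLED MINIMUM -> exit 0 if INSTALLED >= MINIMUM.
# Compares dot-separated numeric fields; missing trailing fields count as 0.
version_ge() {
    have=$1; need=$2
    while [ -n "$have" ] || [ -n "$need" ]; do
        h=${have%%.*}; n=${need%%.*}
        [ "${h:-0}" -gt "${n:-0}" ] && return 0
        [ "${h:-0}" -lt "${n:-0}" ] && return 1
        case $have in *.*) have=${have#*.};; *) have=;; esac
        case $need in *.*) need=${need#*.};; *) need=;; esac
    done
    return 0
}

# Version of the dom0 package that carries the fix (query only, no changes).
installed_version() {
    rpm -q --qf '%{VERSION}' qubes-core-admin-client
}

fix_installed() {
    version_ge "$(installed_version)" "$MIN_VERSION"
}

# Run a command as root inside the template (qvm-run starts it if needed).
in_template() {
    "$QVM_RUN" --pass-io -u root "$TEMPLATE" "$1"
}

# Step 1: before reinstalling, leave a marker on the private volume.
plant_canary() {
    in_template "mkdir -p $CANARY_DIR && echo qsb050 > $CANARY"
}

# Step 2 (after 'qubes-dom0-update --action=reinstall qubes-template-$TEMPLATE'):
# exit 0 if the canary is gone (private volume reset), 1 if it survived,
# which is the behaviour QSB-050 describes for unpatched R4.0.
private_volume_reset() {
    if in_template "test -e $CANARY"; then
        return 1
    fi
    return 0
}

case "${1:-}" in
    version)
        if fix_installed; then echo "qubes-core-admin-client >= $MIN_VERSION: fix present"
        else echo "qubes-core-admin-client older than $MIN_VERSION: apply the QSB-050 update"; fi ;;
    plant)
        plant_canary && echo "canary planted in $TEMPLATE:$CANARY; now reinstall the template" ;;
    check)
        if private_volume_reset; then echo "private volume was reset"
        else echo "local changes survived the reinstall (QSB-050 behaviour)"; fi ;;
esac
```

Usage in dom0 is `sh qsb050-check.sh version`, then `sh qsb050-check.sh plant`, the reinstall command from the bulletin, and finally `sh qsb050-check.sh check`. Two caveats: a surviving canary proves the private volume persisted, but its absence only shows that this one path was cleared; and because `qvm-run` executes inside the template, the result is only as trustworthy as that template, so this is a way to validate the fix on a template you trust, not a forensic test for one you suspect. For a suspect template the bulletin's manual remove-and-reinstall workaround remains the right procedure.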
