https://nvd.nist.gov/vuln/detail/CVE-2016-10229 > udp.c in the Linux kernel before 4.5 allows remote attackers to > execute arbitrary code via UDP traffic [...]
fixed in [1] (2015-12-30) It never affected Fedora according to: https://bugzilla.redhat.com/show_bug.cgi?id=1439740#c2 > This fix was committed upstream in the 4.5 kernel merge window (Dec > 2015). It has never impacted any of the currently supported versions of > Fedora. In Debian it got fixed on 2016-01-5 https://www.debian.org/security/2016/dsa-3434 3.16.7-ckt20-1+deb8u2 https://security-tracker.debian.org/tracker/CVE-2016-10229 Since Qubes VMs depend on dom0 for kernel updates, Qubes user do not get kernel updates from upstream distros. - Qubes currently ships kernel 4.4.38 for VMs Kernel 4.4.38 has been released on 2016-12-10 so I assume it contains the fix? - Have Qubes VM kernels (provided by dom0) ever been affected (in the past of R3.2)? Since Qubes does not frequently release VM kernel updates*: Do you recommend to switch to pvgrub and in-VM kernels to be able to take advantage of regular distro kernel updates? The upcoming/planed binary packages of coldkernel probably address this topic as well. thanks! Joonas *) I know, that in-VM security is/should not be relevant for the isolation between VMs but if someone can compromise all networked VMs via vulnerabilities in the UDP/TCP/IP stack it is probably as bad as having no isolation. [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/639daa54-56a6-abba-4e78-3fdd18a25518%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: OpenPGP digital signature
