On Thursday, April 13, 2017 at 8:18:20 PM UTC-4, Joonas Lehtonen wrote:
> https://nvd.nist.gov/vuln/detail/CVE-2016-10229
> > udp.c in the Linux kernel before 4.5 allows remote attackers to
> > execute arbitrary code via UDP traffic [...]
>
> fixed in [1] (2015-12-30)
>
> It never affected Fedora according to:
> https://bugzilla.redhat.com/show_bug.cgi?id=1439740#c2
> > This fix was committed upstream in the 4.5 kernel merge window (Dec
> > 2015). It has never impacted any of the currently supported versions of
> > Fedora.
>
> In Debian it got fixed on 2016-01-5
> https://www.debian.org/security/2016/dsa-3434
> 3.16.7-ckt20-1+deb8u2
> https://security-tracker.debian.org/tracker/CVE-2016-10229
>
> Since Qubes VMs depend on dom0 for kernel updates, Qubes users do not get
> kernel updates from upstream distros.
>
> - Qubes currently ships kernel 4.4.38 for VMs
> Kernel 4.4.38 has been released on 2016-12-10 so I assume it contains
> the fix?
>
> - Have Qubes VM kernels (provided by dom0) ever been affected (in the
> past of R3.2)?
>
> Since Qubes does not frequently release VM kernel updates*:
> Do you recommend to switch to pvgrub and in-VM kernels to be able to
> take advantage of regular distro kernel updates?
>
> The upcoming/planned binary packages of coldkernel probably address this
> topic as well.
>
> thanks!
> Joonas
>
>
> *) I know, that in-VM security is/should not be relevant for the
> isolation between VMs but if someone can compromise all networked VMs
> via vulnerabilities in the UDP/TCP/IP stack it is probably as bad as
> having no isolation.
>
>
> [1]
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191

Read this discussion, kernel version might not mean much here.
https://news.ycombinator.com/item?id=14105718
