-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2018-05-08 20:32, john wrote: > On 05/08/18 15:19, Andrew David Wong wrote: > >> Xen vulnerability (XSA-260) and GUI daemon issue >> >> Summary >> ======== >> >> Today, the Xen Security Team released Xen Security Advisories 260 >> through 262. Among these, only XSA-260 affects the security of Qubes >> OS. The bug described in XSA-260 allows an attacker controlling a PV >> domain to break out to dom0. This is a critical bug for Qubes 3.2, but >> for Qubes 4.0 is much less severe, since all the domains that run >> untrusted code in Qubes 4.0 are either PVH or HVM by default. >> >> Additionally, Christoffer Kugg Jerkeby discovered a situation in which >> Qubes GUI virtualization could allow a VM to produce a window with >> borders that are white instead of the color of the VM's label. > > RE: *** > (InQubes, border colors are used as front-line indicators of trust.) >> However, a VM cannot use this vulnerability to draw borders with a >> non-white color other than the correct one. A very similar bug was >> fixed as part of QSB #34 [1], but the fix missed this one case, as >> described below. > > I find this interesting as I've noticed that though some of my AppVMs > color choice is grey , when I see them on the XFCE Taskbar they are > Green ...... > > Is this some known issue in GitHub .... >
This appears to be it: https://github.com/QubesOS/qubes-issues/issues/3471 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlrycGoACgkQ203TvDlQ MDCKug/+O16Wh3J8q6DmAZTWuPB9lPAJwQHMyeiXvCb5V18PZgaUrV8g+wkPF1py bMToI9TjkAOBBhAMGYJvv8ISbJc9BFzB0TQDojAbocpjf2Lu++j897W+t9IZL4OY n0Xkktzwfx02VW+/ydVFJyFpO+VI0jdtl36O5FewGxgazz+u4woBCEGvnYB4I+1M npMFeOE1rqfQA3EcRwKaC6KUCupVYfOHeyKeP1L7aCSgEkqT5+Bk1yj9pFPNdjOM FtWuZJRujA3jqgaPsigGsy+xaHqvFsL8VGwjfl7CFEUI2vF3j2USOTbEmUiG8TzU +M+R2oGzAQ7FqsePGn0Id76Qk/jlLAQR2lmy2G7aRFBwFc6OiHgJYj7dvgSJb1Hf vebDkAGUCgDoYy8lYYF1mxlLCOvkD/j3zkON7RWCS9MKuCQ/qAldII+apavMvt7X av2gHpmSN7E1gZYsJ9P0lG1HrsYX6mbkcHYqYCiIhKA7Jiqhor7eT7f7ZDq4PTPm K2P4g0j1lheobMBlPewijEyKqunzPqETDFPtTcQfEVg9QVEjvpsGcsg2FSpsK8Ko 0XR1VpfKxOpMagMNmeI4+gymey+e2oV/ivwfiF/TZaUNFFYx4PCQI76e0Jb4+lO4 mXUOqbxl1t7O0W0L6WqG+gAsNdDysmbTx8wHRdEPH5cWJPkpBRs= =4Q7O -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7117cf97-c810-24c9-bfb0-a70834b6f9a8%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
