Dear Qubes Community,We have just published Qubes Security Bulletin (QSB) #062: Stack corruption from XSA-346 change (XSA-355). The text of this QSB is reproduced below. This QSB and its accompanying signatures will always be available in the Qubes Security Pack (qubes-secpack).
View QSB #062 in the qubes-secpack: https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-062-2020.txt Learn about the qubes-secpack, including how to obtain, verify, and read it: https://www.qubes-os.org/security/pack/ View all past QSBs: https://www.qubes-os.org/security/bulletins/ View XSA-355 in the XSA Tracker: https://www.qubes-os.org/security/xsa/#355 ``` ---===[ Qubes Security Bulletin #62 ]===--- 2020-11-24 Stack corruption from XSA-346 change (XSA-355) Summary ======== On 2020-11-24, the Xen Security Team published Xen Security Advisory 355 (XSA-355)  with the following description: | One of the two changes for XSA-346 introduced an on-stack array. The | check for guarding against overrunning this array was off by one, | allowing for corruption of the first stack slot immediately following | this array. | | A malicious or buggy HVM or PVH guest can cause Xen to crash, resulting | in a Denial of Service (DoS) to the entire host. Privilege escalation | as well as information leaks cannot be excluded. Patching ========= The specific packages that resolve the problems discussed in this bulletin are as follows: For Qubes 4.0: - Xen packages, version 4.8.5-27 For Qubes 4.1: - Xen packages, version 4.14.0-8 The packages are to be installed in dom0 via the Qube Manager or via the qubes-dom0-update command as follows: For updates from the stable repository (not immediately available): $ sudo qubes-dom0-update For updates from the security-testing repository: $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing A system restart will be required afterwards. These packages will migrate from the security-testing repository to the current (stable) repository over the next two weeks after being tested by the community. If you use Anti Evil Maid, you will need to reseal your secret passphrase to new PCR values, as PCR18+19 will change due to the new Xen binaries. Credits ======== See the original Xen Security Advisory. References ===========  https://xenbits.xen.org/xsa/advisory-355.html -- The Qubes Security Team https://www.qubes-os.org/security/ ``` This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2020/11/24/qsb-062/ -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/46f8bae9-5540-ff20-079a-930016e146a3%40qubes-os.org.
Description: OpenPGP digital signature