[qubes-users] Dom0 update not working 4.1.2

[Franz]

Hello friends,

Dom0 update (4.1.2) is giving the following error since more than a week:

"Sending repository information to UpdateVM failed: code 2"

Regarding this I am using the default installation and the UpdateVM is
sys-firewall.
any idea?

Best
Franz

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qAs8%2BZkLumAMA%3D2ocLd_zo_FR7i1FdxB3HRtHLS19bDGQ%40mail.gmail.com.

[qubes-users] XSAs released on 2023-09-25

[Andrew David Wong]

Dear Qubes Community,

The [Xen Project](https://xenproject.org/) has released one or more [Xen 
security advisories (XSAs)](https://xenbits.xen.org/xsa/).
The security of Qubes OS *is affected*.
Therefore, *user action is required*.

## XSAs that DO affect the security of Qubes OS

The following XSAs *do affect* the security of Qubes OS:

- [XSA-439](https://xenbits.xen.org/xsa/advisory-439.html)
  - Please see [QSB-094](https://www.qubes-os.org/news/2023/09/27/qsb-094/) for 
details.

## XSAs that DO NOT affect the security of Qubes OS

The following XSAs *do not affect* the security of Qubes OS, and no user action 
is necessary:

- (none)

## About this announcement

Qubes OS uses the [Xen 
hypervisor](https://wiki.xenproject.org/wiki/Xen_Project_Software_Overview) as 
part of its [architecture](https://www.qubes-os.org/doc/architecture/). When 
the [Xen Project](https://xenproject.org/) publicly discloses a vulnerability 
in the Xen hypervisor, they issue a notice called a [Xen security advisory 
(XSA)](https://xenproject.org/developers/security-policy/). Vulnerabilities in 
the Xen hypervisor sometimes have security implications for Qubes OS. When they 
do, we issue a notice called a [Qubes security bulletin 
(QSB)](https://www.qubes-os.org/security/qsb/). (QSBs are also issued for 
non-Xen vulnerabilities.) However, QSBs can provide only *positive* 
confirmation that certain XSAs *do* affect the security of Qubes OS. QSBs 
cannot provide *negative* confirmation that other XSAs do *not* affect the 
security of Qubes OS. Therefore, we also maintain an [XSA 
tracker](https://www.qubes-os.org/security/xsa/), which is a comprehensive list 
of all XSAs publicly disclosed to date, including whether each one affects the 
security of Qubes OS. When new XSAs are published, we add them to the XSA 
tracker and publish a notice like this one in order to inform Qubes users that 
a new batch of XSAs has been released and whether each one affects the security 
of Qubes OS.


This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2023/09/27/xsas-released-on-2023-09-25/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5c334e27-25fb-4b75-16da-def3dbf8a298%40qubes-os.org.

[qubes-users] QSB-094: x86/AMD: Divide speculative information leak

[Andrew David Wong]

Dear Qubes Community,

We have published [Qubes Security Bulletin 094: x86/AMD: Divide speculative 
information 
leak](https://github.com/QubesOS/qubes-secpack/blob/main/QSBs/qsb-094-2023.txt).
 The text of this QSB and its accompanying cryptographic signatures are 
reproduced below. For an explanation of this announcement and instructions for 
authenticating this QSB, please see the end of this announcement.

## Qubes Security Bulletin 094

```

 ---===[ Qubes Security Bulletin 094 ]===---

 2023-09-27

x86/AMD: Divide speculative information leak

User action required
-

Users must install the following specific packages in order to address
the issues discussed in this bulletin:

  For Qubes 4.1, in dom0:
  - Xen packages, version 4.14.6-2

  For Qubes 4.2, in dom0:
  - Xen packages, version 4.17.2-2

Dom0 must be restarted afterward in order for the updates to take
effect.

If you use Anti Evil Maid, you will need to reseal your secret
passphrase to new PCR values, as PCR18+19 will change due to the new
Xen binaries.

Summary


On 2023-09-25, the Xen Project published XSA-439, "x86/AMD: Divide
speculative information leak" [3]:

| In the Zen1 microarchitecture, there is one divider in the
| pipeline which services uops from both threads.  In the case of #DE,
| the latched result from the previous DIV to execute will be forwarded
| speculatively.
|
| This is a covert channel that allows two threads to communicate
| without any system calls.  In also allows userspace to obtain the
| result of the most recent DIV instruction executed (even
| speculatively) in the core, which can be from a higher privilege
| context.

For more information, see:
 * https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7007.html

Impact
---

On systems with an AMD Zen (first generation) CPU, an attacker who
compromises a VM can attempt to exploit this vulnerability in order to
infer the contents of data from a different execution context on the
same CPU core. This includes data belonging to a different VM (which
could be dom0) that was previously scheduled on that CPU core and Xen
itself. The latter is relevant because some system operations require
Xen to load data from a VM. This data may or may not be sensitive.
However, the attacker has no control over the data that Xen loads (and,
to some extent, no knowledge of what was loaded).

Credits


See the original Xen Security Advisory.

References
---

[1] https://www.qubes-os.org/doc/testing/
[2] https://www.qubes-os.org/doc/how-to-update/
[3] https://xenbits.xen.org/xsa/advisory-439.html

--
The Qubes Security Team
https://www.qubes-os.org/security/

```

*Source*: 


## [Marek 
Marczykowski-Górecki](https://www.qubes-os.org/team/#marek-marczykowski-górecki)'s
 PGP signature

```
-BEGIN PGP SIGNATURE-

iQIzBAABCAAdFiEELRdx/k12ftx2sIn61lWk8hgw4GoFAmUTmvAACgkQ1lWk8hgw
4Go4DQ/9Gf5Jy377V8kLXSmxYcNBd2MLTkZ5SO1zbjcvZaHv19NL/QtONAYHnNFz
PrUiBwai6//LGevV8SMAIr+ytADZDFN2kukMk+GCWfG5DSIqkVwcqWkSI/7Tc6sH
0LRoWcAJKNovZRLr+SHj1v5OP8E+42JTTv9k/3SlYVMVI6wuQ61dd0gnC32Wb6SA
4fj7VOOCuC0OfSAT+PBmp5EV8+4RgytzIrtbvaaFG7jhdVPX6bfkcDzSKJkcFLjV
wlzwMkVk0hbDMTRwP3ZumUYbd9iA30JK+Q0lFwGX/MdMJ/mALnYSjlGh3XyDRBDE
OxudQZ6PFTbhMbVmuJk69J999s537mQI6nyh7ygrrHgnxyqJq647U5bvG74jDEP1
SMCRXRCmQ+90HeTzDbFyJk9WVfWQtZh3e5vpDsSYJVcHVoSq50Zs3nVHAmiGWcJR
M+u0vwaSPBWKKtxtvfcZw9GU2m9QoD03/JellZOfOhgafPHfmDUqLi/BsI0oN2WZ
ABDZT3zwzwE7L8fRXPrYSnr3bNqx8ukIU6+DPEE+7Ckfkh4Z9KGCh7VmDs7wUL32
K9ugM9g8xARTQqs85uBQdohEWYU3M53uxb51AyFy8l6uJDpuOUgQnptqrQf2YjES
/Ih03fE2Husc97qdsAGDlqet6wB57rbCpDy20+EYQFvXE7vynsg=
=HOO+
-END PGP SIGNATURE-
```

*Source*: 


## [Simon Gaiser (aka 
HW42)](https://www.qubes-os.org/team/#simon-gaiser-aka-hw42)'s PGP signature

```
-BEGIN PGP SIGNATURE-

iQIzBAABCgAdFiEE6hjn8EDEHdrv6aoPSsGN4REuFJAFAmUTncEACgkQSsGN4REu
FJClzQ/+JkYPyrNcKWpHPvoxti+QxQLpZq1KvkIY/otEPMAFaDsmLg3sjcsd0Hs2
Co7kD6jy0BknS+ICBqc1eCQFwjU3cJn5Ay8F/G/zndK8UZDJWhj8ImPF79RJvawH
l9QqVIGndis9XuSlkWXXV2Hi+bt55HOA2YwlrLg2XW/ptrsvHr61qA8VPWaVPncx
DKH106S03a3tBDpTRnsUq/YZM1MYvXnzylKHrIF/TD2h0h2LmhPWNP812u3/Qt25
DqidNV23/l/Xri+gK0Mvnxel4nsBRz+iQBPcB+cMnYmOJ/jnVZsVS74/FBsj54q8
Uiphy0OrHLFjYFcv/eLIAKArcRrfILfRftUe7NyGjp4oIeKNGFc8zRf791gNUNiJ
1u4hwsH8W6xtLiERRv5K0d3UGZak8qmR3UgJ32gf+sF77kAc7Qe/200qyjmPwYG3
+4pO1UcFrAOaNBKG1aSp2J6byDc8ZO6qCv0XG+FcI6cntGBbAQjkrjclH+nSwF5M
CPWd+nFwZe2EVjprebiTZfYA0nyiQKRkRf8RmCd316WG7IYktMny2TIrADn/rGcR
d+RmHGBaRArPwPyefsre32jgpauRJ8hw5hwCenT2ELO17MsK/2FFp0Cguhyd2yEZ
u9e5kmZK5o6FDqqZIHQFNmRyFWA3Jr5uygAZ0TetRroNlnKl96o=
=yvp2
-END PGP SIGNATURE-
```

*Source*: 


## What is the purpose of this announcement?

The purpose of this announce

Re: [qubes-users] Update problem with a 'debian-12-minimal' based template

[Viktor Ransmayr]

Hello Andrew

Am Mi., 27. Sept. 2023 um 08:23 Uhr schrieb Andrew David Wong <
a...@qubes-os.org>:

> On 9/26/23 10:29 PM, Viktor Ransmayr wrote:
> > ...
> >
> > Since I have not worked at all with Salt (yet) - and -  also have not
> > 'touched' dom-0 at all, I'd be very grateful for any advice on how to
> > resolve this probem.
>
> It sounds like you might be hitting this bug:
>
> https://github.com/QubesOS/qubes-issues/issues/8440


Thanks a lot for this info. - I'll 'monitor' the progress on this issue.

With kind regards,

Viktor

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAeSrGJ2oih64Zx6acOkVNK9VwVY1uU0kVdEv7pW992TyXqntA%40mail.gmail.com.

[qubes-users] HCL

[Grey Grey]

Enable legacy boot, disable secure boot in BIOS.
Suspend Work!

---
layout:
  'hcl'
type:
  'notebook'
hvm:
  'yes'
iommu:
  'yes'
slat:
  'yes'
tpm:
  'unknown'
remap:
  'yes'
brand: |
  Dell Inc.
model: |
  Precision 5520
bios: |
  1.32.0
cpu: |
  Intel(R) Core(TM) i7-7820HQ CPU @ 2.90GHz
cpu-short: |
  FIXME
chipset: |
  Intel Corporation Xeon E3-1200 v6/7th Gen Core Processor Host
Bridge/DRAM Registers [8086:5910] (rev 05)
chipset-short: |
  FIXME
gpu: |
  Intel Corporation HD Graphics 630 [8086:591b] (rev 04) (prog-if 00 [VGA
controller])
gpu-short: |
  FIXME
network: |
  Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter (rev 32)
memory: |
  32329
scsi: |

usb: |
  1
versions:

- works:
'FIXME:yes|no|partial'
  qubes: |
R4.1
  xen: |
4.14.6
  kernel: |
6.1.43-1
  remark: |
FIXME
  credit: |
FIXAUTHOR
  link: |
FIXLINK

---

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAHU1juYXdwq1n1wRkFF0XGaO0KPLp-BqVX0zFXaAp%3DrKH6Npew%40mail.gmail.com.