[qubes-users] Re: Announcement: Fedora 26 TemplateVM Upgrade
On Sunday, 7 January 2018 01:15:29 UTC+1, Andrew David Wong wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Dear Qubes Community, > > Fedora 25 reached EOL ([end-of-life]) on 2017-12-12. We sincerely > apologize for our failure to provide timely notice of this event. It > is strongly recommend that all Qubes users upgrade their Fedora 25 > TemplateVMs and StandaloneVMs to Fedora 26 immediately. We provide > step-by-step [upgrade instructions] for upgrading your existing > TemplateVMs and StandaloneVMs in-place on both Qubes 3.2 and Qubes > 4.0. For a complete list of TemplateVM versions supported for your > specific version of Qubes, see [Supported TemplateVM Versions]. > > We also provide fresh Fedora 26 TemplateVM packages through the > official Qubes repositories, which you can get with the following > commands (in dom0). > > Standard Fedora 26 TemplateVM: > > $ sudo qubes-dom0-update qubes-template-fedora-26 > > [Minimal] Fedora 26 TemplateVM: > > $ sudo qubes-dom0-update qubes-template-fedora-26-minimal > > After upgrading to a Fedora 26 TemplateVM, please remember to set all > qubes that were using the old template to use the new one. The > instructions to do this can be found in the [upgrade instructions] > for your specific version. > > Please note that no user action is required regarding the OS version > in dom0. If you're using Qubes 3.2 or 4.0, there is no dom0 OS > upgrade available, since none is currently required. For details, > please see our [Note on dom0 and EOL]. > > If you're using an older version of Qubes than 3.2, we strongly > recommend that you upgrade to 3.2, as older versions are no longer > supported. > > > [end-of-life]: > https://fedoraproject.org/wiki/Fedora_Release_Life_Cycle#Maintenance_Schedule > [upgrade instructions]: /doc/template/fedora/upgrade-25-to-26/ > [Supported TemplateVM Versions]: /doc/supported-versions/#templatevms > [Minimal]: /doc/templates/fedora-minimal/ > [Note on dom0 and EOL]: /doc/supported-versions/#note-on-dom0-and-eol > > This announcement is also available on the Qubes website: > https://www.qubes-os.org/news/2018/01/06/fedora-26-upgrade/ > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > > -BEGIN PGP SIGNATURE- > > iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlpRZpEACgkQ203TvDlQ > MDA30xAAhvx58l16DPzWdjTkCDAu8X/oIJVsidabezigI3x8BFcMWuNvGpfO9wD0 > 4oJVhXvLIrqPvWK6HBz5o8zld8rZd8r+OVB7Aivh34WIdVdxZZY9vwCvbWZifdbU > jGpAMX+ivfXTB1DM4y3hZ/gq+7kScYzIPw9TRC8CykkCySqwwWJEEMCXvqGJvYxC > HspnoiCo+LP63ta438yTHPFgk6chnlKlU2rK5KsdUE69tZl3s6t1NoZaxMHUCuMz > sxmT081xqCh4+DCPZ6WzPKiKNEc8AMVD/5Axdt5mBn2rZqGYntEX0UWh7pak3Dk5 > MZBBdevbOFj0mlQ8/wStkBjNaRSOLT//PyPCeKKNf/wvOYDPI3PfUjxYM0LaKzl9 > X6go9tlbc7e43e9lbtArmvYGY7hXsAi721dvKnpng1vuDUZjKPWOFtSVS+MX/zIl > yGmYDEK/UhFYRfaaKXP2vf5YRpRPGyl/MkTN/4akEttgnXxJ/ztR8WB3+PY73R4G > AeT4zhbLSTptIneDH9wsRujBt1l1As/9ApVxt8e0nOtyou4LdVhDlkaO6Qt2FCAs > Iprz5CYWBFD7qR9qmtDHSR99rldK0uau9Ihzabe5WK+9wtMNp3+6qaIemBUS9293 > m/Wf9H63xfjrdFMsjIiduZHFBw0Q4IQeKOlT7072QFJBvr2WmD4= > =/ZvF > -END PGP SIGNATURE- Thank you. Unfortunately I know a couple of Qubes users who have switched to plain Fedora because of the delay. That and the whole Meltdown/Spectre uncertainty. I'm sure they'll be back after that has blown over and 4.0 has a stable release. Keep up the good work! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2d742fb3-9898-4535-9e65-a304237c90f0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Is Qubes effected by the Intel kernel memory leaking bug?
On Wednesday, 3 January 2018 12:55:54 UTC+1, stephen...@gmail.com wrote: > https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ > > http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table > > It seems as if Linux countermeasures will involve a significant rewrite aka. > FUCKWIT. > > Is this perhaps why there is no final 4.0 release? Some news from rootkovska via Twatter: Re the #Meltdown/#Spectre attacks: 1. Practical impact on Qubes is unclear to us ATM, 2. No advanced info has been shared with us on Xen predisclosure list, so we've had no time to evaluate yet, 3. Xen published XSA 254 unexpectedly last night, 4. Xen offers no patches ATM... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dd9731dc-f8f9-4f9d-aa11-e43d16cfdfe4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Is Qubes effected by the Intel kernel memory leaking bug?
On Wednesday, 3 January 2018 12:55:54 UTC+1, stephen...@gmail.com wrote: > https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ > > http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table > > It seems as if Linux countermeasures will involve a significant rewrite aka. > FUCKWIT. > > Is this perhaps why there is no final 4.0 release? Redhat has now posted speculative execution mitigation patches. I've no idea to what extent they fix all possible Spectre-like side-channel attacks. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f328aa39-720b-4ddf-9efd-a43ba5660c2a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Is Qubes effected by the Intel kernel memory leaking bug?
On Thursday, 4 January 2018 13:39:46 UTC+1, eva...@openmailbox.org wrote: > 3.2 affected? When patch will be available? :( My impression is that 3.2 isn't being patched pending 4.0, but I could be wrong there. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/daed3c17-3dd1-416c-b374-8e668a0bc798%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Is Qubes effected by the Intel kernel memory leaking bug?
On Wednesday, 3 January 2018 12:55:54 UTC+1, stephen...@gmail.com wrote: > https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ > > http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table > > It seems as if Linux countermeasures will involve a significant rewrite aka. > FUCKWIT. > > Is this perhaps why there is no final 4.0 release? I guess the good news is that this debacle is going to force hardware designers and OS developers (including Qubes) to work together on minimising the chances chip-level bugs like this. Also Intel, AMD, ARM & Co. will be 'motivated' to pay attention to hardware virtualisation security issues. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/10abb949-fd99-4b81-bb1b-51d1309adcfc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Is Qubes effected by the Intel kernel memory leaking bug?
On Thursday, 4 January 2018 09:56:44 UTC+1, stephen...@gmail.com wrote: > On Wednesday, 3 January 2018 12:55:54 UTC+1, stephen...@gmail.com wrote: > > https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ > > > > http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table > > > > It seems as if Linux countermeasures will involve a significant rewrite > > aka. FUCKWIT. > > > > Is this perhaps why there is no final 4.0 release? > > There is a Xen fix available here, at least to the Meltdown manifestation to > the chip-makers SNAFU: > > https://xenbits.xen.org/xsa/advisory-254.html > > This I assume will be in the 4.0 release version of Qubes. > > The best explanation of the field that I can find is here: > https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/ > > Oder? Or at least the Meltdown (= SP3?) parts thereof. Against Spectre there is no known defence, which generally seems to break VM isolation against an attack. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0e64448c-b159-40c0-8a19-5c6d6bde8864%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Is Qubes effected by the Intel kernel memory leaking bug?
On Wednesday, 3 January 2018 12:55:54 UTC+1, stephen...@gmail.com wrote: > https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ > > http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table > > It seems as if Linux countermeasures will involve a significant rewrite aka. > FUCKWIT. > > Is this perhaps why there is no final 4.0 release? There is a Xen fix available here, at least to the Meltdown manifestation to the chip-makers SNAFU: https://xenbits.xen.org/xsa/advisory-254.html This I assume will be in the 4.0 release version of Qubes. The best explanation of the field that I can find is here: https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/ Oder? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3bcfaab5-95c4-4a5c-b55f-bc4e8411a033%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Is Qubes effected by the Intel kernel memory leaking bug?
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table It seems as if Linux countermeasures will involve a significant rewrite aka. FUCKWIT. Is this perhaps why there is no final 4.0 release? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/804b5554-0c6e-4593-ba19-5b5b74400ab2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
