-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Dear Qubes Community,
We have just published Qubes Security Bulletin (QSB) #44: Multiple Xen vulnerabilities (XSA-275, XSA-280). The text of this QSB is reproduced below. This QSB and its accompanying signatures will always be available in the Qubes Security Pack (qubes-secpack). View QSB #44 in the qubes-secpack: https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-044-2018.txt Learn about the qubes-secpack, including how to obtain, verify, and read it: https://www.qubes-os.org/security/pack/ View all past QSBs: https://www.qubes-os.org/security/bulletins/ View XSA-275 and XSA-280 in the XSA Tracker: https://www.qubes-os.org/security/xsa/#275 https://www.qubes-os.org/security/xsa/#280 ``` ---===[ Qubes Security Bulletin #44 ]===--- 2018-11-20 Multiple Xen vulnerabilities (XSA-275, XSA-280) Summary ======== On 2018-11-20, the Xen Security Team published multiple Xen Security Advisories (XSAs): XSA-275 [1] "insufficient TLB flushing / improper large page mappings with AMD IOMMUs": | In order to be certain that no undue access to memory is possible | anymore after IOMMU mappings of this memory have been removed, | Translation Lookaside Buffers (TLBs) need to be flushed after most | changes to such mappings. Xen bypassed certain IOMMU flushes on AMD | x86 hardware. | | Furthermore logic exists Xen to re-combine small page mappings | into larger ones. Such re-combination could have occured in cases | when it was not really safe/correct to do so. | | A malicious or buggy guest may be able to escalate its privileges, may | cause a Denial of Service (DoS) affecting the entire host, or may be | able to access data it is not supposed to access (information leak). XSA-275 affects only AMD CPUs using IOMMU on both Qubes OS 3.2 and Qubes OS 4.0. XSA-275 does not affect Intel CPUs on any Qubes OS version. XSA-280 [2] "Fix for XSA-240 conflicts with shadow paging": | The fix for XSA-240 introduced a new field into the control structure | associated with each page of RAM. This field was added to a union, | another member of which is used when Xen uses shadow paging for the | guest. During migration, or with the L1TF (XSA-273) mitigation for | PV guests in effect, the two uses conflict. | | A malicious or buggy x86 PV guest may cause Xen to crash, resulting in | a DoS (Denial of Service) affecting the entire host. Privilege | escalation as well as information leaks cannot be ruled out. XSA-280 affects only Qubes OS 3.2. XSA-280 does not affect Qubes OS 4.0, since the shadow paging feature is disabled at build time for 4.0. Patching ========= The specific packages that resolve the problems discussed in this bulletin are as follows: For Qubes OS 3.2: - Xen packages, version 4.6.6-45 For Qubes OS 4.0: - Xen packages, version 4.8.4-7 The packages are to be installed in dom0 via the Qubes VM Manager or via the qubes-dom0-update command as follows: For updates from the stable repository (not immediately available): $ sudo qubes-dom0-update For updates from the security-testing repository: $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing A system restart will be required afterwards. These packages will migrate from the security-testing repository to the current (stable) repository over the next two weeks after being tested by the community. If you use Anti Evil Maid, you will need to reseal your secret passphrase to new PCR values, as PCR18+19 will change due to the new Xen binaries. Credits ======== See the original Xen Security Advisory. References =========== [1] https://xenbits.xen.org/xsa/advisory-275.html [2] https://xenbits.xen.org/xsa/advisory-280.html - -- The Qubes Security Team https://www.qubes-os.org/security/ ``` This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2018/11/20/qsb-44/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlv0yfkACgkQ203TvDlQ MDBPPRAAsvklyGwHVwvNYbDpSRfNr3Q7zvsyPRNW6UBBOKZjiczixrCxEt23Ok12 VScalFyjtb7YcH6NnLuvNYFXWLA3mB0BsXK3A/kKqM4n00QbRPStihDGpdtm04kJ 7wb7J/zKpU3iYWNZepI/0GyYluq3JXNkfS5EoAhMaNYAkwA1mzLRU7Ogp5B3ibu1 IYycXPxouv32Ay3TqOl1lTHBMT16mx2uQkqZDXaFB0Rk8CjUCOawiJB+dQmhRxg8 wE61EFe2XDzaR8T9BbZ3nEB7qQthUa4rBARk5ch/lC347SE+s2w1mW5vkgFit1ZL cniMgT+mujHLKkv21Owg96VwO1LL+OBu/K3vJcwzBYGdwbgNZsHISHXLFKyk8UZ9 MxmXnXj+NzWmz/p9dHEIFQQ6kz0I8glHkS51PVqWCK5ujgimdysaqF9kp67BY0cH tk79CXIeNnqGiX8fkXA5p24smnkn+XoP6B3g8fZXMt1So8jCaG2xvKGjoxgIRKpA Y5W42w7D9DHSlL/OMGVybY/1lRl6ylHVPecnQG6gQLRsmtKgSkhjYxRD2Y92uaRp 0RCSKBz+PF5CbLcd7CCybMFxipzTF2PNrdz4eHahcHSkKj3EsO4vI3rYgqA2K55x gqxO6e5GYAmJp8R/Zf1UBklsyioOS0WFvyssJiEWTwh2jbRHTcw= =Hpgh -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/353136d3-19c8-043f-7530-312e12d871a5%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
