Qubes Security Bulletins (QSBs)

Qubes Security Bulletins (QSBs) are published through the Qubes Security Pack.

Date Qubes Security Bulletin
2019-03-05 QSB #048: Multiple Xen vulnerabilities
2019-02-19 QSB #047: Insecure default DisposableVM networking configuration
2019-01-23 QSB #046: APT update mechanism vulnerability
2018-12-03 QSB #045: Insecure default Salt configuration
2018-11-20 QSB #044: Multiple Xen vulnerabilities (XSA-275, XSA-280)
2018-09-02 QSB #043: L1 Terminal Fault speculative side channel (XSA-273)
2018-08-14 QSB #042: Linux netback driver OOB access in hash handling (XSA-270)
2018-06-13 QSB #041: Speculative register leakage from lazy FPU context switching (XSA...
2018-05-24 QSB #040: Information leaks due to processor speculative store bypass (XSA-...
2018-05-08 QSB #039: Xen vulnerability (XSA-260) and GUI daemon issue
2018-02-20 QSB #038: Qrexec policy bypass and possible information leak
2018-01-11 QSB #037: Information leaks due to processor speculative execution bugs
2017-11-28 QSB #036: Xen hypervisor issue in populate-on-demand code (XSA-247)
2017-10-24 QSB #035: Xen hypervisor issue related to grant tables (XSA-236)
2017-10-12 QSB #034: GUI issue and Xen vulnerabilities (XSA-237 through XSA-244)
2017-09-12 QSB #033: Xen hypervisor (XSA-231 through XSA-234)
2017-08-15 QSB #032: Xen hypervisor and Linux kernel vulnerabilities (XSA-226 through ...
2017-06-20 QSB #031: Xen hypervisor vulnerabilities with unresearched impact (XSA 216-...
2017-05-02 QSB #030: Critical Xen bugs related to PV memory virtualization (XSA-213, X...
2017-04-04 QSB #029: Critical Xen bug in PV memory virtualization code (XSA-212)
2016-12-19 QSB #028: Debian update mechanism vulnerability
2016-11-22 QSB #027: Xen 64-bit bit test instruction emulation broken (XSA 195)
2016-09-19 QSB #026: Colored window border handling bug in Qubes GUI daemon
2016-09-08 QSB #025: Xen bug in event channel handling code (XSA 188)
2016-07-26 QSB #024: Critical Xen bug in PV memory virtualization code (XSA 182)
2015-12-17 QSB #023: Race condition bugs in Xen code (XSA-155 and XSA-166), other Xen ...
2015-10-29 QSB #022: Critical Xen bug in PV memory virtualization code (XSA 148)
2015-07-27 QSB #021: Anti Evil Maid bypass through filesystem ID collision
2015-07-27 QSB #020: Fedora os-prober considered harmful
2015-07-13 QSB #019: Anti Evil Maid bypass through unusual LUKS header
2015-03-10 QSB #018: Xen Hypervisor Instruction Emulation Bug (XSA 123)
2015-03-10 QSB #017: Xen DoS from malicious driver domains or devices (XSA 120 & 124)
2015-03-05 QSB #016: Xen Hypervisor Information Leaks Vulnerabilities (XSA 121 & 122)
2015-01-21 QSB #015: Critical Xen Hypervisor Vulnerability (XSA 109)
2015-01-20 QSB #014: Race condition in Qubes Inter-VM File-Copy Mechanism
2015-01-05 QSB #013: Qubes Clipboard Timing Attacks and Qubes Core Python API Inconsis...
2014-10-01 QSB #012: Memory leak in Xen hypervisor via RDMSR emulation bug (XSA 108)
2014-09-10 QSB #011: Qubes clipboard inter-VM leak
2014-02-06 QSB #010: Qubes pulseaudio & vchan bugs, Xen XSA 87
2014-01-09 QSB #009: Qubes qvm-open-in-[d]vm environment inter-VM leak
2013-06-26 QSB #008: Xen hypervisor bugs: XSA 45,58 potential DoS
2013-06-21 QSB #007: Xen hypervisor bugs: XSA 57 potential escalation, also XSA 52-54 ...
2013-05-07 QSB #006: Xen hypervisor bugs: XSA 50, others with DoS potential
2012-12-04 QSB #005: Xen hypervisor bugs: XSA 29, others with DoS potential
2012-09-28 QSB #004: Qubes firewall misconfiguration: ipv6 allowed
2012-09-11 QSB #003: Xen hypervisor bugs: XSA 13, others with DoS potential
2012-06-12 QSB #002: Intel SYSRET bug
2011-05-12 QSB #001: Gui daemon bug, Intel VT-d escape on non-IR hardware