|
Date |
Qubes security bulletin |
|
2022-11-23 |
QSB #087: Qrexec: Injection of unsanitized data into log output |
|
2022-11-08 |
QSB #086: Speculative security issues on AMD CPUs (XSA-422) |
|
2022-11-01 |
QSB #085: Xenstore: Guests can crash xenstored (XSA-414) |
|
2022-08-06 |
QSB #084: Split GPG: GnuPG file descriptor confusion and file existence leak |
|
2022-07-13 |
QSB #083: Retbleed: Arbitrary speculative code execution with return instru... |
|
2022-07-05 |
QSB #082: Memory management issues in PV frontend drivers |
|
2022-06-17 |
QSB #081: x86: MMIO Stale Data vulnerabilities (XSA-404) |
|
2022-06-09 |
QSB #080: Issues with PV domains and PCI passthrough (XSA-401, XSA-402) |
|
2022-04-05 |
QSB #079: Two IOMMU-related Xen issues (XSA-399, XSA-400) |
|
2022-03-10 |
QSB #078: Linux kernel PV driver issues and LVM misconfiguration |
|
2022-03-09 |
QSB #077: Multiple speculative security issues (XSA-398) |
|
2022-02-11 |
QSB #076: Intel microcode updates |
|
2022-01-25 |
QSB #075: Insufficient cleanup of passed-through device IRQs (XSA-395) |
|
2021-11-23 |
QSB #074: Xen issues related to populate-on-demand (XSA-388, XSA-389) |
|
2021-10-15 |
QSB #073: Race condition when setting override-redirect flag |
|
2021-09-27 |
QSB #072: Inconsistent handling of the override-redirect flag |
|
2021-09-09 |
QSB #071: Fatal options filtering flaw in Split GPG |
|
2021-08-25 |
QSB #070: Xen issues related to grant tables v2 and IOMMU |
|
2021-06-08 |
QSB #069: Multiple Xen and Intel issues |
|
2021-06-04 |
QSB #068: Disconnecting a video output can cause XScreenSaver to crash |
|
2021-03-19 |
QSB #067: Multiple RPM vulnerabilities |
|
2021-03-03 |
QSB #066: XML injection through libvirt domain configuration |
|
2021-02-18 |
QSB #065: Missed flush in XSA-321 backport (XSA-366) |
|
2021-02-16 |
QSB #064: Linux: error handling issues in blkback's grant mapping (XSA-365) |
|
2020-12-15 |
QSB #063: Multiple Xen issues (XSA-115, XSA-325, XSA-350) |
|
2020-11-24 |
QSB #062: Stack corruption from XSA-346 change (XSA-355) |
|
2020-11-10 |
QSB #061: Information leak via power sidechannel (XSA-351) |
|
2020-10-20 |
QSB #060: Multiple Xen issues (XSA-345, XSA-346, XSA-347) |
|
2020-09-22 |
QSB #059: Multiple Xen issues (XSA-337, XSA-340, XSA-343) |
|
2020-07-07 |
QSB #058: Insufficient cache write-back under VT-d (XSA-321) |
|
2020-06-11 |
QSB #057: Special Register Buffer speculative side channel (XSA-320) |
|
2019-12-25 |
QSB #056: Insufficient anti-spoofing firewall rules |
|
2019-12-11 |
QSB #055: Issues with PV type change and handling IOMMU on AMD (XSA-310, XS... |
|
2019-11-26 |
QSB #054: Xen fix for XSA-302 found ineffective in Qubes configuration (XSA... |
|
2019-11-13 |
QSB #053: TSX Asynchronous Abort speculative side channel (XSA-305) |
|
2019-10-31 |
QSB #052: Xen issues affecting PCI passthrough and PV domains (XSA-299, XSA... |
|
2019-09-10 |
QSB #051: Insufficient validation of backup compression filter on restore |
|
2019-07-24 |
QSB #050: Reinstalling a TemplateVM does not reset the private volume |
|
2019-05-15 |
QSB #049: Microarchitectural Data Sampling speculative side channel (XSA-297) |
|
2019-03-05 |
QSB #048: Multiple Xen vulnerabilities |
|
2019-02-19 |
QSB #047: Insecure default DisposableVM networking configuration |
|
2019-01-23 |
QSB #046: APT update mechanism vulnerability |
|
2018-12-03 |
QSB #045: Insecure default Salt configuration |
|
2018-11-20 |
QSB #044: Multiple Xen vulnerabilities (XSA-275, XSA-280) |
|
2018-09-02 |
QSB #043: L1 Terminal Fault speculative side channel (XSA-273) |
|
2018-08-14 |
QSB #042: Linux netback driver OOB access in hash handling (XSA-270) |
|
2018-06-13 |
QSB #041: Speculative register leakage from lazy FPU context switching (XSA... |
|
2018-05-24 |
QSB #040: Information leaks due to processor speculative store bypass (XSA-... |
|
2018-05-08 |
QSB #039: Xen vulnerability (XSA-260) and GUI daemon issue |
|
2018-02-20 |
QSB #038: Qrexec policy bypass and possible information leak |
|
2018-01-11 |
QSB #037: Information leaks due to processor speculative execution bugs |
|
2017-11-28 |
QSB #036: Xen hypervisor issue in populate-on-demand code (XSA-247) |
|
2017-10-24 |
QSB #035: Xen hypervisor issue related to grant tables (XSA-236) |
|
2017-10-12 |
QSB #034: GUI issue and Xen vulnerabilities (XSA-237 through XSA-244) |
|
2017-09-12 |
QSB #033: Xen hypervisor (XSA-231 through XSA-234) |
|
2017-08-15 |
QSB #032: Xen hypervisor and Linux kernel vulnerabilities (XSA-226 through ... |
|
2017-06-20 |
QSB #031: Xen hypervisor vulnerabilities with unresearched impact (XSA 216-... |
|
2017-05-02 |
QSB #030: Critical Xen bugs related to PV memory virtualization (XSA-213, X... |
|
2017-04-04 |
QSB #029: Critical Xen bug in PV memory virtualization code (XSA-212) |
|
2016-12-19 |
QSB #028: Debian update mechanism vulnerability |
|
2016-11-22 |
QSB #027: Xen 64-bit bit test instruction emulation broken (XSA 195) |
|
2016-09-19 |
QSB #026: Colored window border handling bug in Qubes GUI daemon |
|
2016-09-08 |
QSB #025: Xen bug in event channel handling code (XSA 188) |
|
2016-07-26 |
QSB #024: Critical Xen bug in PV memory virtualization code (XSA 182) |
|
2015-12-17 |
QSB #023: Race condition bugs in Xen code (XSA-155 and XSA-166), other Xen ... |
|
2015-10-29 |
QSB #022: Critical Xen bug in PV memory virtualization code (XSA 148) |
|
2015-07-27 |
QSB #021: Anti Evil Maid bypass through filesystem ID collision |
|
2015-07-27 |
QSB #020: Fedora os-prober considered harmful |
|
2015-07-13 |
QSB #019: Anti Evil Maid bypass through unusual LUKS header |
|
2015-03-10 |
QSB #018: Xen Hypervisor Instruction Emulation Bug (XSA 123) |
|
2015-03-10 |
QSB #017: Xen DoS from malicious driver domains or devices (XSA 120 & 124) |
|
2015-03-05 |
QSB #016: Xen Hypervisor Information Leaks Vulnerabilities (XSA 121 & 122) |
|
2015-01-21 |
QSB #015: Critical Xen Hypervisor Vulnerability (XSA 109) |
|
2015-01-20 |
QSB #014: Race condition in Qubes Inter-VM File-Copy Mechanism |
|
2015-01-05 |
QSB #013: Qubes Clipboard Timing Attacks and Qubes Core Python API Inconsis... |
|
2014-10-01 |
QSB #012: Memory leak in Xen hypervisor via RDMSR emulation bug (XSA 108) |
|
2014-09-10 |
QSB #011: Qubes clipboard inter-VM leak |
|
2014-02-06 |
QSB #010: Qubes pulseaudio & vchan bugs, Xen XSA 87 |
|
2014-01-09 |
QSB #009: Qubes qvm-open-in-[d]vm environment inter-VM leak |
|
2013-06-26 |
QSB #008: Xen hypervisor bugs: XSA 45,58 potential DoS |
|
2013-06-21 |
QSB #007: Xen hypervisor bugs: XSA 57 potential escalation, also XSA 52-54 ... |
|
2013-05-07 |
QSB #006: Xen hypervisor bugs: XSA 50, others with DoS potential |
|
2012-12-04 |
QSB #005: Xen hypervisor bugs: XSA 29, others with DoS potential |
|
2012-09-28 |
QSB #004: Qubes firewall misconfiguration: ipv6 allowed |
|
2012-09-11 |
QSB #003: Xen hypervisor bugs: XSA 13, others with DoS potential |
|
2012-06-12 |
QSB #002: Intel SYSRET bug |
|
2011-05-12 |
QSB #001: Gui daemon bug, Intel VT-d escape on non-IR hardware |