Are all Security Packages included in updates?

Lace · March 17, 2024, 5:47pm

I was reading some of the CVEs and Bulletin QSBs

Like this one,

QubesOS/qubes-secpack/blob/master/QSBs/qsb-092-2023.txt


             ---===[ Qubes Security Bulletin 092 ]===---

                             2023-08-08

           Buffer overrun in Linux netback driver (XSA-432)

User action required
---------------------

Users must install the following specific packages in order to address
the issues discussed in this bulletin:

  For Qubes 4.1, in dom0:
  - Linux kernel packages (kernel*-qubes-vm), versions 6.1.43, 6.4.8,
    5.15.124

  For Qubes 4.2, in dom0:
  - Linux kernel packages (kernel*-qubes-vm), versions 6.1.43, 6.4.8

This file has been truncated. show original

And the “user action” is a specific package. I am wondering do these eventually get included into updates too or do users still have to install certain packages to harden Qubes?

DVM · March 17, 2024, 6:09pm

Lace · March 18, 2024, 3:29am

I see, and after testing the stable ones get released eventually into a stable update

So if I want the security patches faster I have to accept the testing stage of the security package updates

Cool thanks

adw · March 18, 2024, 8:50am

Yes.

No.

Correct.

Correct. Specifically, you would have to enable the security-testing repositories, which should not to be confused with current-testing or any other repositories.