Dom0 hasn't been updating, what to do now?

So, I can’t remember updating dom0 for a few months now. Probably around December time. I see there’s been multiple vulnerabilities from then, I think its a problem with Qubes not showing I need to update.

Anyway, what do I do now? Assume I’ve been compromised, and do a complete reinstall of the OS? I’ve created multiple templates during this time, and installed software on templates.

Also, is there a way to have a look at update logs? So I can see when dom0 was updated, and what happened?

I am at least on Qubes 4.1

I just got a notification for a dom0 update today but about a month before that I noticed my dom0 hadn’t updated for a while. I checked the box next to Enable updates for qubes without known available updates, then checked dom0 and next. It found some updates and I haven’t had any known issues since.

Yeah, that’s what I’ve done today. I thought to myself that I can’t remember the last time it popped up, so did it via this way. It updated a few things, however I didn’t read it all.

Hence why I’d like to get a log if possible, so I can determine the threat level. There’s been multiple warnings on the news page of exploits and vulnerabilities. They’re beyond my technical understanding, but I’d like to see exactly how long I’ve gone without updates to determine the threat.

You can look at this folder in dom0:
/var/lib/qubes/updates/rpm
And see its modification date or the modification date of the packages inside it if there are any.

You could also try sudo dnf history and sudo dnf history <number> to get more info about past update events in dom0.

1 Like