adw
December 16, 2020, 9:25am
1
Dear Qubes Community,
We have just published Qubes Security Bulletin (QSB) 063: Stack corruption from XSA-346 change (XSA-355). The text of this QSB is reproduced below. This QSB and its accompanying signatures will always be available in the Qubes Security Pack (qubes-secpack).
View QSB-063 in the qubes-secpack:
---===[ Qubes Security Bulletin 063 ]===---
2020-12-15
Multiple Xen issues (XSA-115, XSA-325, XSA-350)
User action required
=====================
Users must install the following specific packages in order to address
the issues discussed in this bulletin:
For Qubes 4.0:
- Xen packages, version 4.8.5-28
- Linux kernel packages, versions 5.9.14-1, 5.4.83-1, 4.19.163-1
Learn about the qubes-secpack, including how to obtain, verify, and read it:
View all past QSBs:
View the XSA Tracker:
haaber
December 16, 2020, 9:48am
2
Dear Andrew,
> For Qubes 4.0:
> - Xen packages, version 4.8.5-28
> - Linux kernel packages, versions 5.9.14-1, 5.4.83-1, 4.19.163-1
How do I fetch 4.19.163-1 for example? I tried
sudo dnf install kernel-1000:4.19.163-1.pvops.qubes.x86_64
but this gives "no package available". Same happens for 5.9.14-1. Also
sudo qubes-dom0-update --action=install kernel-1000:4.19.163-1.pvops.qubes.x86_64
fails. What am I missing? Thank you.
> Dear Andrew,
> > For Qubes 4.0:
> > - Xen packages, version 4.8.5-28
> > - Linux kernel packages, versions 5.9.14-1, 5.4.83-1, 4.19.163-1
> How do I fetch 4.19.163-1 for example? I tried
> sudo dnf install kernel-1000:4.19.163-1.pvops.qubes.x86_64
> but this gives "no package available". Same happens for 5.9.14-1. Also
> sudo qubes-dom0-update --action=install kernel-1000:4.19.163-1.pvops.qubes.x86_64
> fails. What am I missing? Thank you.
The packages are likely still in security testing, not in the stable repo.
You need the enablerepo parameter. From the original announcement:
haaber
December 16, 2020, 9:59am
4
Right! Thank you. That brought indeed 4.19.163. But still
sudo qubes-dom0-update --action=install kernel-1000:5.9.14-1.qubes.x86_64 --enablerepo=qubes-dom0-security-testing
does not work. The main question seems: how do you get the correct
package name? Since a simple "update" does not install 5.9.14 but only
5.4.83 I have to ask for it "by hand", it seems.
I think the package is called kernel-latest- not just kernel- for 5.9
kernels.
Donoban
December 16, 2020, 11:13pm
6
Hi,
After upgrading I get an unbootable system. Using a rescue pen I saw
that xen.cfg has a wrong initramfs for 5.4.832 (4.4.83 instead of 5.4.83).
Could anyone check it? I saw (and maybe modified) it before rebooting
but it is very rare that I introduced accidentally that change.
Donoban
December 16, 2020, 11:17pm
7
Oops, here is a typo. Just to clarify, I mean that kernel '5.4.83-1' had
initramfs '4.4.83-1'.
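
The mismatch reported in the last two posts (a 5.4.83-1 kernel entry pointing at a 4.4.83-1 initramfs) can be checked for before rebooting. The following is an added example, not part of the thread and not Qubes tooling; it assumes xen.cfg uses INI-style sections with `kernel=vmlinuz-<version> ...` and `ramdisk=initramfs-<version>.img` lines, and the function names and the sample file are constructed for illustration.

```shell
# Added example, not from the thread. Assumed xen.cfg layout: INI-style
# sections with "kernel=vmlinuz-<ver> <args>" and "ramdisk=initramfs-<ver>.img".

# Print one line per section whose ramdisk version differs from its kernel
# version; return 1 if any such section exists, 0 otherwise.
check_xen_cfg() {
    awk '
        function report() {
            if (kver != "" && rver != "" && kver != rver) {
                printf "MISMATCH [%s] kernel=%s ramdisk=%s\n", section, kver, rver
                bad = 1
            }
            kver = ""; rver = ""
        }
        /^\[.*\]/ { report(); section = substr($0, 2, index($0, "]") - 2); next }
        /^kernel=/ {
            split(substr($0, 8), parts, " ")      # first word is the image name
            kver = parts[1]; sub(/^vmlinuz-/, "", kver)
        }
        /^ramdisk=/ {
            rver = substr($0, 9)
            sub(/^initramfs-/, "", rver); sub(/\.img[ \t]*$/, "", rver)
        }
        END { report(); exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the 5.4.83-1 entry points at a 4.4.83-1 initramfs.
write_sample_cfg() {
    cat > "$1" <<'EOF'
[global]
default=5.4.83-1.qubes.x86_64

[5.4.83-1.qubes.x86_64]
kernel=vmlinuz-5.4.83-1.qubes.x86_64 root=/dev/mapper/qubes_dom0-root
ramdisk=initramfs-4.4.83-1.qubes.x86_64.img

[4.19.163-1.pvops.qubes.x86_64]
kernel=vmlinuz-4.19.163-1.pvops.qubes.x86_64 root=/dev/mapper/qubes_dom0-root
ramdisk=initramfs-4.19.163-1.pvops.qubes.x86_64.img
EOF
}

tmp=$(mktemp)
write_sample_cfg "$tmp"
check_xen_cfg "$tmp" || echo "xen.cfg needs fixing before reboot"
rm -f "$tmp"
```

Pass the path of your own xen.cfg to `check_xen_cfg` after an update; a non-zero exit status means at least one boot entry references an initramfs for a different kernel version.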