[qubes-users] QSB-066: XML injection through libvirt domain configuration

adw · March 3, 2021, 7:06pm

Dear Qubes Community,

We have just published Qubes Security Bulletin (QSB) 066:
XML injection through libvirt domain configuration.
The text of this QSB is reproduced below. This QSB and its accompanying
signatures will always be available in the Qubes Security Pack (qubes-secpack).

View QSB-066 in the qubes-secpack:

github.com

QubesOS/qubes-secpack/blob/master/QSBs/qsb-066-2021.txt



             ---===[ Qubes Security Bulletin 066 ]===---

                             2021-03-03


         XML injection through libvirt domain configuration


User action required
=====================

Users must install the following specific packages in order to address
the issues discussed in this bulletin:

  For Qubes 4.0:
  - qubes-core-dom0 package, version 4.0.58-1

  For Qubes 4.1:

This file has been truncated. show original

Learn about the qubes-secpack, including how to obtain, verify, and read it:

View all past QSBs:

```

---===[ Qubes Security Bulletin 066 ]===---

2021-03-03

XML injection through libvirt domain configuration

User action required