On 05/08/18 15:19, Andrew David Wong wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Xen vulnerability (XSA-260) and GUI daemon issue
Summary
========
Today, the Xen Security Team released Xen Security Advisories 260
through 262. Among these, only XSA-260 affects the security of Qubes
OS. The bug described in XSA-260 allows an attacker controlling a PV
domain to break out to dom0. This is a critical bug for Qubes 3.2, but
for Qubes 4.0 is much less severe, since all the domains that run
untrusted code in Qubes 4.0 are either PVH or HVM by default.
Additionally, Christoffer Kugg Jerkeby discovered a situation in which
Qubes GUI virtualization could allow a VM to produce a window with
borders that are white instead of the color of the VM's label.
RE: ***
(InQubes, border colors are used as front-line indicators of trust.)
However, a VM cannot use this vulnerability to draw borders with a
non-white color other than the correct one. A very similar bug was
fixed as part of QSB #34 [1], but the fix missed this one case, as
described below.
I find this interesting as I've noticed that though some of my AppVMs
color choice is grey , when I see them on the XFCE Taskbar they are
Green ......
Is this some known issue in GitHub ....
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/46346898-9922-5fd8-c4f3-972ea01e4857%40riseup.net.
For more options, visit https://groups.google.com/d/optout.
