On Wednesday, August 15, 2018 at 8:50:28 PM UTC+8, Rusty Bird wrote:
> Sphere:
> > https://www.bleepingcomputer.com/news/security/researchers-disclose-new-foreshadow-l1tf-vulnerabilities-affecting-intel-cpus/
> >
> > There are other vulnerabilities disclosed along with this today and
> > if possible, I would like to confirm that as well.
> >
> > On a side note, I have long disabled Hyperthreading on my machine.
>
> To me as a layman, it looks like Qubes is indeed vulnerable to the
> XSA-273 data leak, and that fixing it involves
>
> 1. disabling hyperthreading (by adding smt=off to the Xen command line)
> 2. AND upgrading Intel microcode to 20180807
> 3. AND upgrading Xen
>
> There's a pull request* for the new microcode package. As for Xen, the
> XSA says they're "not supplying separate patches because the changes
> have many complicated prerequisites", and their d95b5bb commit on the
> staging-4.8 branch is 42 patches ahead of RELEASE-4.8.4... :\
>
> Rusty
>
>
> * https://github.com/QubesOS/qubes-intel-microcode/pull/2

I have hyperthreading disabled on my BIOS, do I still have to add that option to Xen command line?

By pull request you mean, it's still being grabbed for use and installation using qubes-dom0-update right?

As for Xen updates, welp we have no choice but to wait for that I suppose.