Qubes Security Bulletin #25

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Dear Qubes users,

We have just released a new Qubes Security Bulletin (QSB #25):

https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-025-2016.txt

The bug described there applies only to Qubes 3.0. Qubes 3.1 and later
are not affected.

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJX0VS0AAoJENuP0xzK19csgkcH/R0z5UXeQ6agHKWmUNNuSCVe
iUK8YlTVR19qIyjW0M9uNxe/2Mg7OJNPxFM2CprEh2uZcR1mblOGeZpGBqdomlH3
/NMmzkAaEhhpoN9ZPlB/SxUKVNu/Uu7BEXZmVm6rLFKdhJHa0B6B4l4bpymzD+42
RVBJ4vWbajfy8Nmlrx4sdDtIeXf7yeqNSz27psfRLgI5PRA+jLfAyrtxNuE0sXjZ
ZuU0oaa5nrJBBSLIhTIrKelRaiqcM/HybJ+NpIPf+fF4ATYf8MHsPLmBzBcVXybu
TjHCcFI1l/oAu5PvdbSmwVPpiMRaQyGIWDF4lXHBq06w+ytr/B95PW0dtCY9PZE=
=uz0v
-----END PGP SIGNATURE-----

[jkitt]

> A malicious guest administrator can crash the host, leading to a DoS. Arbitrary code execution (and therefore privilege escalation)

Think this is an example of why it's a good idea to password protect guests?