https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-022-2015.txt
I am running Qubes 3.0.
Qubes 3.0 was released Oct 1 2015.
The Xen glitch was Oct 29 2015.
Does this mean that Qubes 3.0 does not come shipped with the patch, and that I have to manually patch this myself?
Or is Qubes 3.0. safe?
I downloaded and installed Qubes 3.0 just a few days ago.. using it for the very first time.
Version: 4.4.3
Release: 11.fc20
So I am OK.
Does QUBES 3.0 come with the patched version though... Have the devs updated the ISO so that it comes patched..?
Or am I patched because I did a dom0 update..?
Thanks
Surely there should be a BIG warning on the Qubes downloads page... saying, WARNING! Xen in QUBES 3.0 allows full sandbox escape..! Update your software IMMEDIATELY after downloading, before doing anything else...!!
It really surprises me that there isn't such a big warning, given the severity of this Xen bug... Wow...
I think people concerned about their security know to update before doing anything else.