ROPgadget fatal XDA-182 a major issue, where is the alarms?
28 views
Skip to first unread message
adica...@gmail.com
Aug 15, 2016, 8:09:19 PM8/15/16
to qubes-devel
After discovering this major potential bug, and with sufficient time for it to be developed in the wild, I would like to know if this privilage escalation bug is patched with the new release.
Also can we have a rough estimate for Qubes 4.0 stable????(If the case that para-virtualisation is a lost cause)
Also can we have a rough estimate for Qubes 4.0 stable????(If the case that para-virtualisation is a lost cause)
I came across this bug by accident a couple of days ago on Quarklab. I feel as though it needs to me made more public
Follow up s'il vous plaît
Andrew David Wong
Aug 15, 2016, 10:04:26 PM8/15/16
to adica...@gmail.com, qubes-devel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 2016-08-15 16:59, adica...@gmail.com wrote:
> After discovering this *major* potential bug, and with sufficient time for
Are you referring to XSA-182? If so, the Qubes project "sounded the alarm"
about this as soon as the bug was made public. We made sure to spread the word
far and wide with a QSB, mailing list threads, and across social media:
1. Qubes Security Bulletin #24:
https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-024-2016.txt
2. qubes-devel thread:
https://groups.google.com/d/topic/qubes-devel/3Ebjd45H15Q/discussion
3. qubes-users thread:
https://groups.google.com/d/topic/qubes-users/6eugmjXpvMc/discussion
4. Social media:
https://twitter.com/QubesOS/status/757910216637906945
https://www.facebook.com/QubesOS/posts/504972499699452
https://redd.it/4uoaqm
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXsnSdAAoJENtN07w5UDAwX7cP/jo9gYfXlt++5fdJabKAXgVe
WJupJ1ODIz1IHhIo6u7sEdHAXrX5OjUObl+iHL8/q9Ce7o5Fh62G5u8hC082VNru
dXOVYmTBv5e536uqG/OtKqwdc1jUUS1OCWzy6nK9rc47k5ug5Kc4pbCKclymyGQl
1ZxxA37rcOKXqOXxnp0731Vf3Gf7q5u0klDFNGSQ5Daktrr0wXOiDrP0gyj5MhWM
lb3D/BFmUkfdLLQBF0oW5a7pIiSjNVR4TqDOyeuencMLU7azYOfT3ouPkm1TU4Bs
pOT2aguEuRoR3xRSCMkhj781o3W93hmkpYC7IjcXVLoMae79AnKhC94iLlsXRWqN
PmtrdlAFIffOFn9jz0T6fjOQBt82uxDORxf7jY6bPgT6lCaEaoHxw3PBWyqirUiH
mBi5EKQ0dBgzYI/qqToheTm+/QLlwoQmEc4q03vQXCOPhBZQ//VUpyjtImpIANGd
88Dh58sgJQRhh6MUJcH3uvbSPcW0AdP6nm7IahL9UQsWFWOUG9JAGWyfF5LLrLK4
ehp0dYZcJ2ut7PNyecA1Fc87duFC3MjniO39CLO+8l79G0kTAkiSwhFG8cMRpw12
9oYjX3BMkt2gfz71T0Nn6PfL5Gc53IoxMOxPXmL4SNOMrpqBowkQzLHenwei4gAF
0KCE8IZs9Bj5aJbr6hd7
=D+7U
-----END PGP SIGNATURE-----
Hash: SHA512
On 2016-08-15 16:59, adica...@gmail.com wrote:
> After discovering this *major* potential bug, and with sufficient time for
about this as soon as the bug was made public. We made sure to spread the word
far and wide with a QSB, mailing list threads, and across social media:
1. Qubes Security Bulletin #24:
https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-024-2016.txt
2. qubes-devel thread:
https://groups.google.com/d/topic/qubes-devel/3Ebjd45H15Q/discussion
3. qubes-users thread:
https://groups.google.com/d/topic/qubes-users/6eugmjXpvMc/discussion
4. Social media:
https://twitter.com/QubesOS/status/757910216637906945
https://www.facebook.com/QubesOS/posts/504972499699452
https://redd.it/4uoaqm
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXsnSdAAoJENtN07w5UDAwX7cP/jo9gYfXlt++5fdJabKAXgVe
WJupJ1ODIz1IHhIo6u7sEdHAXrX5OjUObl+iHL8/q9Ce7o5Fh62G5u8hC082VNru
dXOVYmTBv5e536uqG/OtKqwdc1jUUS1OCWzy6nK9rc47k5ug5Kc4pbCKclymyGQl
1ZxxA37rcOKXqOXxnp0731Vf3Gf7q5u0klDFNGSQ5Daktrr0wXOiDrP0gyj5MhWM
lb3D/BFmUkfdLLQBF0oW5a7pIiSjNVR4TqDOyeuencMLU7azYOfT3ouPkm1TU4Bs
pOT2aguEuRoR3xRSCMkhj781o3W93hmkpYC7IjcXVLoMae79AnKhC94iLlsXRWqN
PmtrdlAFIffOFn9jz0T6fjOQBt82uxDORxf7jY6bPgT6lCaEaoHxw3PBWyqirUiH
mBi5EKQ0dBgzYI/qqToheTm+/QLlwoQmEc4q03vQXCOPhBZQ//VUpyjtImpIANGd
88Dh58sgJQRhh6MUJcH3uvbSPcW0AdP6nm7IahL9UQsWFWOUG9JAGWyfF5LLrLK4
ehp0dYZcJ2ut7PNyecA1Fc87duFC3MjniO39CLO+8l79G0kTAkiSwhFG8cMRpw12
9oYjX3BMkt2gfz71T0Nn6PfL5Gc53IoxMOxPXmL4SNOMrpqBowkQzLHenwei4gAF
0KCE8IZs9Bj5aJbr6hd7
=D+7U
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages