|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [MirageOS-devel] MirageOS Security Announcement 02: grant unshare vulnerability in mirage-xen versions < 3.3.0
All, The MirageOS security team has published MirageOS Security Announcement #02, a grant unshare vulnerability in mirage-xen versions before 3.3.0, to the MirageOS website. The announcement can be found at https://mirage.io/blog/MSA02 . A copy signed with the security team's key is also available in the mirage-www git repository (https://raw.githubusercontent.com/mirage/mirage-www/master/tmpl/advisories/02.txt.asc) , and attached to this email for your convenience. The current release of qubes-mirage-firewall (v0.5) already has the fixes, but if you are using an older release then you should upgrade (see https://github.com/mirage/qubes-mirage-firewall). Note that mirage-xen 3.3.0 was the first release to support fixed drivers, while mirage-xen 3.4.0 dropped support for broken ones. Please don't hesitate to reply on-list or privately to security@xxxxxxxxx with any questions about this announcement. As always, if you think you have discovered a security vulnerability, please contact the MirageOS security team at security@xxxxxxxxx . A list of relevant announcements, including MSA02, is available at https://mirage.io/security . -- talex5 (GitHub/Twitter) http://roscidus.com/blog/ GPG: 5DD5 8D70 899C 454A 966D 6A51 7513 3C8F 94F6 E0CC Attachment:
02.txt.asc _______________________________________________ MirageOS-devel mailing list MirageOS-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/mirageos-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |