[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[MirageOS-devel] MirageOS Security Announcement 02: grant unshare vulnerability in mirage-xen versions < 3.3.0



All,

The MirageOS security team has published MirageOS Security
Announcement #02, a grant unshare vulnerability in mirage-xen versions
before 3.3.0, to the MirageOS website. The announcement can be found
at https://mirage.io/blog/MSA02 .  A copy signed with the security
team's key is also available in the mirage-www git repository
(https://raw.githubusercontent.com/mirage/mirage-www/master/tmpl/advisories/02.txt.asc)
, and attached to this email for your convenience.

The current release of qubes-mirage-firewall (v0.5) already has the
fixes, but if you are using an older release then you should upgrade
(see https://github.com/mirage/qubes-mirage-firewall). Note that
mirage-xen 3.3.0 was the first release to support fixed drivers, while
mirage-xen 3.4.0 dropped support for broken ones.

Please don't hesitate to reply on-list or privately to
security@xxxxxxxxx with any questions about this announcement.

As always, if you think you have discovered a security vulnerability,
please contact the MirageOS security team at security@xxxxxxxxx .

A list of relevant announcements, including MSA02, is available at
https://mirage.io/security .


-- 
talex5 (GitHub/Twitter)        http://roscidus.com/blog/
GPG: 5DD5 8D70 899C 454A 966D  6A51 7513 3C8F 94F6 E0CC

Attachment: 02.txt.asc
Description: Text document

_______________________________________________
MirageOS-devel mailing list
MirageOS-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/mirageos-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.