On 11/14/19 7:28 AM, Andrew David Wong wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 2019-11-13 12:40 PM, Lorenzo Lamas wrote:
There are 2 new vulnerabilities in Intel CPU's, also affecting Xen.
Xen has issued XSA-304(CVE-2018-12207) and XSA 305(CVE-2019-11135).
Is the Qubes team aware yet? I haven't seen a new QSB.
Yes, we're aware. We're currently in the process of preparing
announcements about these XSAs.
Typically, XSAs have a predisclosure period, during which the XSA is
embargoed, and the Qubes Security Team has time to analyze it and
prepare patches and an announcement. However, these XSAs had no
embargo period, so the Qubes Security Team had no advance notice of
them before they were publicly announced.
The researchers behind these MDS vuln disclosures were being strung
along by Intel, who kept changing embargo dates. Eventually they decided
to simply publish because the proposed patches from Intel were not
addressing a large number of possible attacks.
I have summary, links and some advice here:
https://groups.google.com/d/msgid/qubes-users/85c426f7-7e17-b1ab-87c3-71f92d169955%40posteo.net
In short, Intel have played a monopolist's game and delivered products
that match; Its much better (and simpler) for people to move to AMD at
least for the time being. It would help if the Qubes community had some
clear AMD choices.
--
Chris Laprise, [email protected]
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/f82a8a41-2bd1-84de-fcfa-61b5e4fa744a%40posteo.net.