On 11/14/19 7:28 AM, Andrew David Wong wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2019-11-13 12:40 PM, Lorenzo Lamas wrote:
There are 2 new vulnerabilities in Intel CPU's, also affecting Xen.
Xen has issued XSA-304(CVE-2018-12207) and XSA 305(CVE-2019-11135).
Is the Qubes team aware yet? I haven't seen a new QSB.


Yes, we're aware. We're currently in the process of preparing
announcements about these XSAs.

Typically, XSAs have a predisclosure period, during which the XSA is
embargoed, and the Qubes Security Team has time to analyze it and
prepare patches and an announcement. However, these XSAs had no
embargo period, so the Qubes Security Team had no advance notice of
them before they were publicly announced.

The researchers behind these MDS vuln disclosures were being strung along by Intel, who kept changing embargo dates. Eventually they decided to simply publish because the proposed patches from Intel were not addressing a large number of possible attacks.

I have summary, links and some advice here:
https://groups.google.com/d/msgid/qubes-users/85c426f7-7e17-b1ab-87c3-71f92d169955%40posteo.net

In short, Intel have played a monopolist's game and delivered products that match; Its much better (and simpler) for people to move to AMD at least for the time being. It would help if the Qubes community had some clear AMD choices.

--

Chris Laprise, [email protected]
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f82a8a41-2bd1-84de-fcfa-61b5e4fa744a%40posteo.net.

Reply via email to