[qubes-users] QSB-068: Disconnecting a video output can cause XScreenSaver to crash

Dear Qubes Community,

We have just published Qubes Security Bulletin (QSB) 068: Disconnecting a video output can cause XScreenSaver to crash. The text of this QSB is reproduced below. This QSB and its accompanying signatures will always be available in the Qubes Security Pack (qubes-secpack).

View QSB-068 in the qubes-secpack:

Learn about the qubes-secpack, including how to obtain, verify, and read it:

View all past QSBs:


              ---===[ Qubes Security Bulletin 068 ]===---


      Disconnecting a video output can cause XScreenSaver to crash

User action required


User action required

Users must install the following specific packages in order to address
the issues discussed in this bulletin:

For Qubes 4.0, in dom0:
- xscreensaver 5.45-5

For Qubes 4.1, in dom0:
- xscreensaver 5.45-5


When updating today, there was no update selected; only these:
   Upgrading : xen-licenses-2001:4.8.5-32.fc25.x86_64
   Upgrading : xen-libs-2001:4.8.5-32.fc25.x86_64
   Upgrading : qubes-libvchan-xen-4.0.9-1.fc25.x86_64
   Upgrading : qubes-utils-libs-4.0.33-1.fc25.x86_64
   Upgrading : xen-hypervisor-2001:4.8.5-32.fc25.x86_64
   Upgrading : xen-runtime-2001:4.8.5-32.fc25.x86_64
   Upgrading : python3-qubesimgconverter-4.0.33-1.fc25.x86_64
   Upgrading : qubes-utils-4.0.33-1.fc25.x86_64
   Upgrading : xen-hvm-2001:4.8.5-32.fc25.x86_64
   Upgrading : xen-2001:4.8.5-32.fc25.x86_64
   Upgrading : python3-xen-2001:4.8.5-32.fc25.x86_64
   Upgrading : qubes-release-notes-4.0-10.noarch
   Upgrading : qubes-release-4.0-10.noarch
   Upgrading : qubes-mgmt-salt-base-topd-4.0.2-1.fc25.noarch

What could be wrong?


You probably already installed the update without knowing it. What is the output of `sudo dnf info xscreensaver-base` in dom0?