Recent content by ProxmoxSecurityAdvisory

  1. ProxmoxSecurityAdvisory

    Proxmox Backup Server - Security Advisories

    Subject: PSA-2025-00020-1: Missing protections against malicious backup clients with S3-backed datastores Advisory date: 2025-10-27 Packages: proxmox-backup-server Details: On datastores configured with an S3 backend, a malicious client could upload chunks with invalid metadata, including a...
  2. ProxmoxSecurityAdvisory

    Proxmox Backup Server - Security Advisories

    Subject: PSA-2025-00019-1: Race condition during long-running garbage collection and pruning of recent snapshots may lead to backup corruption before Proxmox Backup Server 3.4 Advisory date: 2025-10-27 Packages: proxmox-backup-server Details: On certain setups running Proxmox Backup Server...
  3. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2025-00018-1: buffer overflow in vncterm/spiceterm handling of ANSI escape sequences Advisory date: 2025-09-22 Packages: vncterm, spiceterm Details: vncterm and spiceterm are utilities that are spawned when initiating a VNC or SPICE session, respectively, for accessing a node or...
  4. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2025-00017-1: pre-generated "snakeoil" certificate in container templates Advisory date: 2025-09-17 Packages: pve-container Details: Any Debian-based container template that includes the "ssl-cert" package contains a self-signed "snakeoil" certificate and its corresponding key...
  5. ProxmoxSecurityAdvisory

    Proxmox Mail Gateway - Security Advisories

    Subject: PSA-2025-00016-1: Spectre branch target injection from VM guests ("VMScape") Advisory date: 2025-09-17 Packages: proxmox-kernel-6.8, proxmox-kernel-6.14 Details: Incomplete branch predictor isolation mechanisms allow exploitation of branch prediction across hypervisor/guest context...
  6. ProxmoxSecurityAdvisory

    Proxmox Backup Server - Security Advisories

    Subject: PSA-2025-00016-1: Spectre branch target injection from VM guests ("VMScape") Advisory date: 2025-09-17 Packages: proxmox-kernel-6.8, proxmox-kernel-6.14 Details: Incomplete branch predictor isolation mechanisms allow exploitation of branch prediction across hypervisor/guest context...
  7. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2025-00016-1: Spectre branch target injection from VM guests ("VMScape") Advisory date: 2025-09-17 Packages: proxmox-kernel-6.8, proxmox-kernel-6.14 Details: Incomplete branch predictor isolation mechanisms allow exploitation of branch prediction across hypervisor/guest context...
  8. ProxmoxSecurityAdvisory

    Proxmox Mail Gateway - Security Advisories

    Subject: PSA-2025-00015-1: stored XSS in config values Advisory date: 2025-09-04 Packages: pmg-gui Details: The HTTP proxy setting dialogue in the web interface was susceptible to XSS. Editing this setting is only available to users with admin level access. A related issue in the Proxmox VE...
  9. ProxmoxSecurityAdvisory

    Proxmox Backup Server - Security Advisories

    Subject: PSA-2025-00014-1: stored XSS in config values Advisory date: 2025-08-14 Packages: proxmox-backup-server Details: The WebAuthN setting dialogue in the web interface was susceptible to XSS. Editing these settings requires root privileges. A related issue in the Proxmox VE code base...
  10. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2025-00013-1: stored XSS in config values Advisory date: 2025-08-14 Packages: pve-manager Details: The HTTP proxy, WebAuthN and U2F setting dialogues in the web interface were susceptible to XSS. Editing these settings requires the Sys.Modify privilege on the ACL path /, which is...
  11. ProxmoxSecurityAdvisory

    Proxmox Mail Gateway - Security Advisories

    Subject: PSA-2025-00012-1: Incomplete exclusion of the NTFS module in Grub2 with Secure Boot Advisory date: 2025-07-10 Packages: grub-efi-amd64-signed 1+2.06+13+pmx6 Details: The NTFS fixes for the issues described in PSA-2025-00005-1 were reverted due to a regression. This was done under the...
  12. ProxmoxSecurityAdvisory

    Proxmox Backup Server - Security Advisories

    Subject: PSA-2025-00012-1: Incomplete exclusion of the NTFS module in Grub2 with Secure Boot Advisory date: 2025-07-10 Packages: grub-efi-amd64-signed 1+2.06+13+pmx6 Details: The NTFS fixes for the issues described in PSA-2025-00005-1 were reverted due to a regression. This was done under the...
  13. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2025-00012-1: Incomplete exclusion of the NTFS module in Grub2 with Secure Boot Advisory date: 2025-07-10 Packages: grub-efi-amd64-signed 1+2.06+13+pmx6 Details: The NTFS fixes for the issues described in PSA-2025-00005-1 were reverted due to a regression. This was done under the...
  14. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2025-00011-1: Lack of support for OVS bridges in nftables-based firewall (tech-preview) Advisory date: 2025-07-09 Packages: pve-firewall/qemu-server/pve-container Details: When using the optional nftables-based firewall implementation, OVS bridges used for guest vNICs were not...
  15. ProxmoxSecurityAdvisory

    Proxmox Virtual Environment - Security Advisories

    Subject: PSA-2025-00010-1: libtpms0/swtpm out of bounds read vulnerability Advisory date: 2025-06-23 Packages: libtpms0 Details: libtpms, a library for integrating TPM functionality into QEMU was affected by an out of bounds read vulnerability that could be used to trigger an abort of swtpm...