Dear Qubes Community,
The Xen Project released new Xen Security Advisories (XSAs) on 2020-12-15.
The security of Qubes OS *is affected* by at least one of these XSAs.
Therefore, *user action is required*.
XSAs that affect the security of Qubes OS (user action required)
----------------------------------------------------------------
The following XSAs *do affect* the security of Qubes OS:
- XSA-115
- XSA-325
- XSA-350
Please see QSB-063 for the actions users must take in order to protect
themselves, as well as further details about these XSAs:
https://www.qubes-os.org/news/2020/12/16/qsb-063/
XSAs that do not affect the security of Qubes OS (no user action required)
--------------------------------------------------------------------------
The following XSAs *do not affect* the security of Qubes OS, and no user
action is necessary:
- XSA-322 (domid reuse impractical in Qubes case)
- XSA-323 (no oxenstored)
- XSA-324 (DoS only)
- XSA-330 (DoS only)
- XSA-348 (DoS only)
- XSA-349 (DoS only)
- XSA-352 (no oxenstored)
- XSA-353 (no oxenstored)
- XSA-354 (DoS only)
- XSA-356 (DoS only)
- XSA-358 (DoS only)
- XSA-359 (DoS only)
Related links
-------------
- Qubes Security Pack (qubes-secpack):
https://www.qubes-os.org/security/pack/
- Qubes Security Bulletins (QSBs):
https://www.qubes-os.org/security/bulletins/
- XSA Tracker:
https://www.qubes-os.org/security/xsa/
This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2020/12/16/xsas-released-on-2020-12-15/
--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org