XSAs released on 2022-11-01
2 views
Skip to first unread message
Andrew David Wong
Nov 1, 2022, 5:12:00 PM11/1/22
to qubes-devel, qubes-users
Dear Qubes Community,
The Xen Project has released one or more Xen Security Advisories (XSAs).
The security of Qubes OS *is affected*.
Therefore, *user action is required*.
## XSAs that DO affect the security of Qubes OS
The following XSAs *do affect* the security of Qubes OS:
- XSA-414
Please see [QSB-085](https://www.qubes-os.org/news/2022/11/01/qsb-085/) for further details.
## XSAs that DO NOT affect the security of Qubes OS
The following XSAs *do not affect* the security of Qubes OS, and no user action is necessary:
- XSA-326 (denial-of-service only)
- XSA-412 (affects only version 4.16)
- XSA-415 (denial-of-service only)
- XSA-416 (denial-of-service only)
- XSA-417 (domid is never reused)
- XSA-418 (denial-of-service only)
- XSA-419 (denial-of-service only)
- XSA-420 (oxenstored is not used in Qubes OS)
- XSA-421 (denial-of-service only)
## Related links
- [Xen XSA list](https://xenbits.xen.org/xsa/)
- [Qubes XSA tracker](https://www.qubes-os.org/security/xsa/)
- [Qubes security pack (qubes-secpack)](https://www.qubes-os.org/security/pack/)
- [Qubes security bulletins (QSBs)](https://www.qubes-os.org/security/qsb/)
This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2022/11/01/xsas-released-on-2022-11-01/
The Xen Project has released one or more Xen Security Advisories (XSAs).
The security of Qubes OS *is affected*.
Therefore, *user action is required*.
## XSAs that DO affect the security of Qubes OS
The following XSAs *do affect* the security of Qubes OS:
- XSA-414
Please see [QSB-085](https://www.qubes-os.org/news/2022/11/01/qsb-085/) for further details.
## XSAs that DO NOT affect the security of Qubes OS
The following XSAs *do not affect* the security of Qubes OS, and no user action is necessary:
- XSA-326 (denial-of-service only)
- XSA-412 (affects only version 4.16)
- XSA-415 (denial-of-service only)
- XSA-416 (denial-of-service only)
- XSA-417 (domid is never reused)
- XSA-418 (denial-of-service only)
- XSA-419 (denial-of-service only)
- XSA-420 (oxenstored is not used in Qubes OS)
- XSA-421 (denial-of-service only)
## Related links
- [Xen XSA list](https://xenbits.xen.org/xsa/)
- [Qubes XSA tracker](https://www.qubes-os.org/security/xsa/)
- [Qubes security pack (qubes-secpack)](https://www.qubes-os.org/security/pack/)
- [Qubes security bulletins (QSBs)](https://www.qubes-os.org/security/qsb/)
This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2022/11/01/xsas-released-on-2022-11-01/
Reply all
Reply to author
Forward
0 new messages