XSAs 286, 331, 332, and 345 do not affect the security of Qubes OS

8 views

Skip to first unread message

unread,

Oct 20, 2020, 6:01:00 PM10/20/20

to qubes...@googlegroups.com, qubes...@googlegroups.com

Dear Qubes Community,

The Xen Project has published the following Xen Security Advisories:
XSA-286, XSA-331, XSA-332, and XSA-345. These XSAs do *not* affect the
security of Qubes OS, and no user action is necessary.

*Special note:* Although XSA-345 is included in QSB #060 [1], we do not
consider XSA-345 to affect the security of Qubes OS, since the default
configuration is safe, and we have already implemented appropriate
safeguards to prevent users from changing to a vulnerable configuration
by accident. Please see the Impact section of QSB #060 [1] for further
details.

[1] https://www.qubes-os.org/news/2020/10/20/qsb-060/

These XSAs have been added to the XSA Tracker:

https://www.qubes-os.org/security/xsa/#286
https://www.qubes-os.org/security/xsa/#331
https://www.qubes-os.org/security/xsa/#332
https://www.qubes-os.org/security/xsa/#345

This announcement is also available on the Qubes website:

https://www.qubes-os.org/news/2020/10/20/xsa-286-331-332-345-qubes-not-affected/

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org