'[qubes-users] XSAs released on 2023-08-01'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-users
Subject:    [qubes-users] XSAs released on 2023-08-01
From:       Andrew David Wong <adw () qubes-os ! org>
Date:       2023-08-02 1:31:30
Message-ID: d78c1ed3-28ce-6134-1ad9-074cdc1f477d () qubes-os ! org
[Download RAW message or body]

Dear Qubes Community,

The [Xen Project](https://xenproject.org/) has released one or more [Xen security \
advisories (XSAs)](https://xenbits.xen.org/xsa/). The security of Qubes OS *is not \
affected*. Therefore, *no user action is required*.

## XSAs that DO affect the security of Qubes OS

The following XSAs *do affect* the security of Qubes OS:

- (none)

## XSAs that DO NOT affect the security of Qubes OS

The following XSAs *do not affect* the security of Qubes OS, and no user action is \
necessary:

- [XSA-436](https://xenbits.xen.org/xsa/advisory-436.html)
  - This affects only ARM processors, which Qubes OS does not support.

## About this announcement

Qubes OS uses the [Xen \
hypervisor](https://wiki.xenproject.org/wiki/Xen_Project_Software_Overview) as part \
of its [architecture](https://www.qubes-os.org/doc/architecture/). When the [Xen \
Project](https://xenproject.org/) publicly discloses a vulnerability in the Xen \
hypervisor, they issue a notice called a [Xen security advisory \
(XSA)](https://xenproject.org/developers/security-policy/). Vulnerabilities in the \
Xen hypervisor sometimes have security implications for Qubes OS. When they do, we \
issue a notice called a [Qubes security bulletin \
(QSB)](https://www.qubes-os.org/security/qsb/). (QSBs are also issued for non-Xen \
vulnerabilities.) However, QSBs can provide only *positive* confirmation that certain \
XSAs *do* affect the security of Qubes OS. QSBs cannot provide *negative* \
confirmation that other XSAs do *not* affect the security of Qubes OS. Therefore, we \
also maintain an [XSA tracker](https://www.qubes-os.org/security/xsa/), which is a \
comprehensive list of all XSAs publicly disclosed to date, including whether each one \
affects the security of Qubes OS. When new XSAs are published, we add them to the XSA \
tracker and publish a notice like this one in order to inform Qubes users that a new \
batch of XSAs has been released and whether each one affects the security of Qubes \
OS.


This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2023/08/01/xsas-released-on-2023-08-01/

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-users" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-users+unsubscribe@googlegroups.com. To view this \
discussion on the web visit \
https://groups.google.com/d/msgid/qubes-users/d78c1ed3-28ce-6134-1ad9-074cdc1f477d%40qubes-os.org.



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic