The Xen Project released new Xen Security Advisories (XSAs) on 2020-12-15. The security of Qubes OS is affected by at least one of these XSAs. Therefore, user action is required.

XSAs that affect the security of Qubes OS (user action required)

The following XSAs do affect the security of Qubes OS:

  • XSA-115
  • XSA-325
  • XSA-350

Please see QSB-063 for the actions users must take in order to protect themselves, as well as further details about these XSAs.

XSAs that do not affect the security of Qubes OS (no user action required)

The following XSAs do not affect the security of Qubes OS, and no user action is necessary:

  • XSA-322 (domid reuse impractical in Qubes case)
  • XSA-323 (no oxenstored)
  • XSA-324 (DoS only)
  • XSA-330 (DoS only)
  • XSA-348 (DoS only)
  • XSA-349 (DoS only)
  • XSA-352 (no oxenstored)
  • XSA-353 (no oxenstored)
  • XSA-354 (DoS only)
  • XSA-356 (DoS only)
  • XSA-358 (DoS only)
  • XSA-359 (DoS only)