The Xen Project has published Xen Security Advisory 289 (XSA-289). This XSA does not affect the security of Qubes OS, and no user action is necessary.

XSA-289 is unusual in that it does not disclose any new vulnerabilities. Rather, it is only for the purpose of providing information about previously-disclosed vulnerabilities. These vulnerabilities were all patched in Qubes OS as part of QSB #43, which we published on 2018-09-02. Therefore, XSA-289 does not affect the security of updated Qubes OS installations.

This XSA has been added to the XSA Tracker: