2017-03-18 22:30:04 -04:00
|
|
|
---
|
2021-03-13 13:06:18 -05:00
|
|
|
lang: en
|
2019-05-26 21:04:23 -04:00
|
|
|
layout: doc
|
2021-06-16 22:56:25 -04:00
|
|
|
permalink: /security/xsa/
|
2021-03-13 13:06:18 -05:00
|
|
|
ref: 214
|
2021-07-09 08:10:44 -04:00
|
|
|
title: Xen security advisory (XSA) tracker
|
2017-03-18 22:30:04 -04:00
|
|
|
---
|
|
|
|
|
|
2021-08-07 08:03:00 -04:00
|
|
|
This tracker shows whether Qubes OS is affected by any given [Xen security
|
|
|
|
|
advisory (XSA)](https://xenbits.xen.org/xsa/). Shortly after a new XSA is
|
2021-06-18 09:25:06 -04:00
|
|
|
published, we will add a new row to this tracker. Whenever Qubes is
|
2021-08-07 08:03:00 -04:00
|
|
|
significantly affected by an XSA, a [Qubes security bulletin
|
2021-06-22 13:50:12 -04:00
|
|
|
(QSB)](/security/qsb/) is published, and a link to that QSB is added to
|
2021-06-18 09:25:06 -04:00
|
|
|
the row for the associated XSA.
|
2017-03-18 22:30:04 -04:00
|
|
|
|
2021-06-18 09:25:06 -04:00
|
|
|
Under the "Is Qubes Affected?" column, there are two possible values: **Yes**
|
|
|
|
|
or **No**.
|
2017-03-19 03:20:38 -04:00
|
|
|
|
2017-03-21 01:05:53 -04:00
|
|
|
* **Yes** means that the *security* of Qubes OS *is* affected.
|
|
|
|
|
* **No** means that the *security* of Qubes OS is *not* affected.
|
|
|
|
|
|
2021-08-07 08:03:00 -04:00
|
|
|
## Important notes
|
2021-03-13 12:03:23 -05:00
|
|
|
|
2021-06-18 09:25:06 -04:00
|
|
|
* For the purpose of this tracker, we do *not* classify mere [denial-of-service
|
|
|
|
|
(DoS) attacks](https://en.wikipedia.org/wiki/Denial-of-service_attack) as
|
|
|
|
|
affecting the *security* of Qubes OS. Therefore, if an XSA pertains *only* to
|
|
|
|
|
DoS attacks against Qubes, the value in the "Is Qubes Affected?" column will
|
|
|
|
|
be **No**.
|
|
|
|
|
* For simplicity, we use the present tense ("is affected") throughout this
|
|
|
|
|
page, but this does **not** necessarily mean that up-to-date Qubes
|
|
|
|
|
installations are *currently* affected by any particular XSA. In fact, it is
|
|
|
|
|
extremely unlikely that any up-to-date Qubes installations are vulnerable to
|
|
|
|
|
any XSAs on this page, since patches are almost always published concurrently
|
|
|
|
|
with QSBs. Please read the QSB (if any) for each XSA for patching details.
|
|
|
|
|
* Embargoed XSAs are excluded from this tracker until they are publicly
|
2021-08-07 08:03:00 -04:00
|
|
|
released, since the [Xen security
|
|
|
|
|
policy](https://www.xenproject.org/security-policy.html) does not permit us
|
2021-06-18 09:25:06 -04:00
|
|
|
to state whether Qubes is affected prior to the embargo date.
|
|
|
|
|
* Unused and withdrawn XSA numbers are included in the tracker for the sake of
|
2021-08-07 08:03:00 -04:00
|
|
|
completeness, but they are excluded from the [statistics](#statistics)
|
2021-06-18 09:25:06 -04:00
|
|
|
section for the sake of accuracy.
|
2017-03-20 23:37:42 -04:00
|
|
|
* All dates are in UTC.
|
