mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2024-10-01 01:25:40 -04:00
115 lines
5.1 KiB
Markdown
115 lines
5.1 KiB
Markdown
---
|
|
layout: security
|
|
title: Xen Security Advisory (XSA) Tracker
|
|
permalink: /security/xsa/
|
|
---
|
|
|
|
Xen Security Advisory (XSA) Tracker
|
|
===================================
|
|
|
|
This tracker shows whether Qubes OS is affected by any given [Xen Security Advisory (XSA)][XSA].
|
|
Shortly after a new XSA is published, we will add a new row to this tracker.
|
|
Whenever Qubes is significantly affected by an XSA, a [Qubes Security Bulletin (QSB)][QSB] is published, and a link to that QSB is added to the row for the associated XSA.
|
|
|
|
Under the "Is Qubes Affected?" column, there are two possible values: **Yes** or **No**.
|
|
|
|
* **Yes** means that the *security* of Qubes OS *is* affected.
|
|
* **No** means that the *security* of Qubes OS is *not* affected.
|
|
|
|
|
|
Important Notes
|
|
---------------
|
|
* For the purpose of this tracker, we do *not* classify mere [denial-of-service (DoS) attacks][DoS] as affecting the *security* of Qubes OS.
|
|
Therefore, if an XSA pertains *only* to DoS attacks against Qubes, the value in the "Is Qubes Affected?" column will be **No**.
|
|
* For simplicity, we use the present tense ("is affected") throughout this page, but this does **not** necessarily mean that up-to-date Qubes installations are *currently* affected by any particular XSA.
|
|
In fact, it is extremely unlikely that any up-to-date Qubes installations are vulnerable to any XSAs on this page, since patches are almost always published concurrently with QSBs.
|
|
Please read the QSB (if any) for each XSA for patching details.
|
|
* Embargoed XSAs are excluded from this tracker until they are publicly released, since the [Xen Security Policy] does not permit us to state whether Qubes is affected prior to the embargo date.
|
|
* Unused XSA numbers are included in the tracker for the sake of completeness, but they are excluded from the [Statistics] section for the sake of accuracy.
|
|
* All dates are in UTC.
|
|
|
|
|
|
Statistics
|
|
----------
|
|
{% assign date_first = site.data.xsa.first.date %}
|
|
{% assign date_first_epoch = date_first | date: "%s" %}
|
|
{% assign date_last = site.data.xsa.last.date %}
|
|
{% assign date_last_epoch = date_last | date: "%s" %}
|
|
{% assign timespan_epoch = date_last_epoch | minus: date_first_epoch %}
|
|
{% assign timespan_human = timespan_epoch | divided_by: 31536000.0 | round: 1 %}
|
|
{% assign xsa_total = site.data.xsa | size | plus: 1.0 %}
|
|
{% assign xsa_unused = 0.0 %}
|
|
{% assign xsa_affected = 0.0 %}
|
|
{% for xsa in site.data.xsa %}
|
|
{% if xsa.affected == true %}
|
|
{% assign xsa_affected = xsa_affected | plus: 1.0 %}
|
|
{% endif %}
|
|
{% if xsa.unused == true %}
|
|
{% assign xsa_unused = xsa_unused | plus: 1.0 %}
|
|
{% endif %}
|
|
{% endfor %}
|
|
{% assign xsa_used = xsa_total | minus: xsa_unused %}
|
|
{% assign affected_percentage = xsa_affected | divided_by: xsa_used | times: 100.0 | round: 2 %}
|
|
|
|
* Total time span: **{{ timespan_human }} years** ({{ date_first }} to {{ date_last }})
|
|
* Total XSAs published: **{{ xsa_used | round }}**
|
|
* Total XSAs affecting Qubes OS: **{{ xsa_affected | round }}**
|
|
* Percentage of XSAs affecting Qubes OS: **{{ affected_percentage }}%**
|
|
|
|
Tracker
|
|
-------
|
|
<table>
|
|
<tr class="center">
|
|
<th title="Anchor Link"><span class="fa fa-link"></span></th>
|
|
<th>Date</th>
|
|
<th title="Xen Security Advisory">XSA</th>
|
|
<th>Is Qubes Affected?</th>
|
|
</tr>
|
|
{% for xsa in site.data.xsa reversed %}
|
|
<tr id="{{ xsa.xsa }}">
|
|
<td><a href="#{{ xsa.xsa }}" class="fa fa-link black-icon" title="Anchor link to tracker row: XSA-{{ xsa.xsa }}"></a></td>
|
|
<td>{{ xsa.date }}</td>
|
|
<td>
|
|
<a title="Xen Security Advisory {{ xsa.xsa }}"
|
|
{% if xsa.xsa <= 25 %}
|
|
href="https://wiki.xenproject.org/wiki/Security_Announcements_(Historical)"
|
|
{% else %}
|
|
href="https://xenbits.xen.org/xsa/advisory-{{ xsa.xsa }}.html"
|
|
{% endif %}>
|
|
XSA-{{ xsa.xsa }} <span class="fa fa-external-link"></span></a>
|
|
</td>
|
|
<td>
|
|
{% if xsa.affected == false %}
|
|
{% if xsa.unused %}
|
|
No (unused XSA number)
|
|
{% elsif xsa.mitigation %}
|
|
No (<a href="#{{ xsa.mitigation }}" title="No, the security of Qubes OS is not affected by XSA-{{ xsa.xsa }}. Click to read the explanation.">{{ xsa.mitigation }}</a>)
|
|
{% else %}
|
|
<span title="No, the security of Qubes OS is not affected by XSA-{{ xsa.xsa }}.">No</span>
|
|
{% endif %}
|
|
{% elsif xsa.affected == true %}
|
|
<span title="Yes, the security of Qubes OS is affected by XSA-{{ xsa.xsa }}.">Yes</span>
|
|
{% if xsa.qsb %}
|
|
| <a href="https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-{{ xsa.qsb }}.txt" title="Qubes Security Bulletin {{ xsa.qsb }}">QSB-{{ xsa.qsb }} <span class="fa fa-external-link"></span></a>
|
|
{% endif %}
|
|
{% elsif xsa.affected == "tba" %}
|
|
{% if xsa.tba %}
|
|
<a href="{{ xsa.tba }}" title="To be announced. Click for more information.">TBA <span class="fa fa-external-link"></span></a>
|
|
{% else %}
|
|
<span title="To be announced">TBA</span>
|
|
{% endif %}
|
|
{% else %}
|
|
{% endif %}
|
|
</td>
|
|
</tr>
|
|
{% endfor %}
|
|
</table>
|
|
|
|
|
|
[XSA]: https://xenbits.xen.org/xsa/
|
|
[QSB]: /security/bulletins/
|
|
[DoS]: https://en.wikipedia.org/wiki/Denial-of-service_attack
|
|
[Xen Security Policy]: https://www.xenproject.org/security-policy.html
|
|
[Statistics]: #statistics
|
|
|