Dear Qubes Community,
The [Xen Project](https://xenproject.org/) has released one or more [Xen
security advisories (XSAs)](https://xenbits.xen.org/xsa/).
The security of Qubes OS *is not affected*.
Therefore, *no user action is required*.
## XSAs that DO affect the security of Qubes OS
The following XSAs *do affect* the security of Qubes OS:
- (none)
## XSAs that DO NOT affect the security of Qubes OS
The following XSAs *do not affect* the security of Qubes OS, and no user action
is necessary:
- [XSA-436](https://xenbits.xen.org/xsa/advisory-436.html)
- This affects only ARM processors, which Qubes OS does not support.
## About this announcement
Qubes OS uses the [Xen
hypervisor](https://wiki.xenproject.org/wiki/Xen_Project_Software_Overview) as
part of its [architecture](https://www.qubes-os.org/doc/architecture/). When
the [Xen Project](https://xenproject.org/) publicly discloses a vulnerability
in the Xen hypervisor, they issue a notice called a [Xen security advisory
(XSA)](https://xenproject.org/developers/security-policy/). Vulnerabilities in
the Xen hypervisor sometimes have security implications for Qubes OS. When they
do, we issue a notice called a [Qubes security bulletin
(QSB)](https://www.qubes-os.org/security/qsb/). (QSBs are also issued for
non-Xen vulnerabilities.) However, QSBs can provide only *positive*
confirmation that certain XSAs *do* affect the security of Qubes OS. QSBs
cannot provide *negative* confirmation that other XSAs do *not* affect the
security of Qubes OS. Therefore, we also maintain an [XSA
tracker](https://www.qubes-os.org/security/xsa/), which is a comprehensive list
of all XSAs publicly disclosed to date, including whether each one affects the
security of Qubes OS. When new XSAs are published, we add them to the XSA
tracker and publish a notice like this one in order to inform Qubes users that
a new batch of XSAs has been released and whether each one affects the security
of Qubes OS.
This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2023/08/01/xsas-released-on-2023-08-01/
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/d78c1ed3-28ce-6134-1ad9-074cdc1f477d%40qubes-os.org.