Raw Record Source

{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreigsz474vwlb6hjsir3nvdndrwchyrowi7xvfqkanyorsyped6onp4",
    "uri": "at://did:plc:tbmtcn43xue4jfcq7viopfmc/app.bsky.feed.post/3mnvaglyp32n2"
  },
  "path": "/news/2026/06/09/xsas-released-on-2026-06-09/",
  "publishedAt": "2026-06-09T00:00:00.000Z",
  "site": "https://www.qubes-os.org",
  "tags": [
    "security",
    "Xen Project",
    "Xen security advisories (XSAs)",
    "XSA-491",
    "QSB-115",
    "XSA-492",
    "XSA-493",
    "XSA-494",
    "Xen hypervisor",
    "architecture",
    "Xen security advisory (XSA)",
    "Qubes security bulletin (QSB)",
    "XSA tracker"
  ],
  "textContent": "The Xen Project has released one or more Xen security advisories (XSAs). The security of Qubes OS **is affected**.\n\n## XSAs that DO affect the security of Qubes OS\n\nThe following XSAs **do affect** the security of Qubes OS:\n\n  * XSA-491: See QSB-115.\n\n\n\n## XSAs that DO NOT affect the security of Qubes OS\n\nThe following XSAs **do not affect** the security of Qubes OS, and no user action is necessary:\n\n  * XSA-492: Denial of service only\n  * XSA-493: Only Arm systems are affected. Qubes OS does not run on Arm systems.\n  * XSA-494: Shadow paging is disabled in Qubes OS at build time.\n\n\n\n## About this announcement\n\nQubes OS uses the Xen hypervisor as part of its architecture. When the Xen Project publicly discloses a vulnerability in the Xen hypervisor, they issue a notice called a Xen security advisory (XSA). Vulnerabilities in the Xen hypervisor sometimes have security implications for Qubes OS. When they do, we issue a notice called a Qubes security bulletin (QSB). (QSBs are also issued for non-Xen vulnerabilities.) However, QSBs can provide only _positive_ confirmation that certain XSAs _do_ affect the security of Qubes OS. QSBs cannot provide _negative_ confirmation that other XSAs do _not_ affect the security of Qubes OS. Therefore, we also maintain an XSA tracker, which is a comprehensive list of all XSAs publicly disclosed to date, including whether each one affects the security of Qubes OS. When new XSAs are published, we add them to the XSA tracker and publish a notice like this one in order to inform Qubes users that a new batch of XSAs has been released and whether each one affects the security of Qubes OS.",
  "title": "XSAs released on 2026-06-09"
}