Updates and releases
Discovery of a Xen vulnerability (November 2016)
A critical security issue in the Xen virtualization software will become public on Tuesday, November 22nd 2016. The Xen team has already informed Gandi of the necessary patches.
Following this announcement, we have pre-emptively deployed the patches required to correct the issue. We have been monitoring the particular security flaw, and have determined that we will need to stop/start certain Xen VMs in order to assure that no further attack vector remains.
We will be contacting the affected customers by email in order to allow them to sufficiently prepare for this stop/start. Those of you who do not receive any message from us about needing to stop and start your VM are therefore unaffected.
In order to minimize downtime and the impact in general, we advise all affected customers to perform a stop/start of their platforms sometime between now and November 22, 2016.
Warning: a simple “reboot” of the concerned servers is not enough. They must be stopped and started in order to apply the security measures.
Any affected VMs that you have not yet been stopped and started prior to the maintenance will be automatically stopped and started by us on November 22 at 3:00 AM PST (11:00 UTC). Please expect around 30 minutes of downtime per stop/start.
As always, if you have any questions or need of assistance, please do not hesitate to contact our Customer care team.
Tagged in Cloud
