Xen vulnerability identified (December 2016)

Dec 13, 2016  - written by  in Cloud

A new, critical security vulnerability will be publicly announced on Wednesday, December 21, 2016, and the Xen team has already communicated to Gandi the corrective measures necessary to ensure the utmost security.

Following this announcement, we have decided to upgrade to the new version of the Xen virtualization software used on our platform, thereby further supplementing the security measures already in place. Besides eliminating possible future attack vectors, this update will also bring performance improvements, including the possibility of deploying future security updates, in most cases, without having to resort to a stop/start of affected VMs.

We have contacted all impacted customers by email. Unfortunately, unlike with previous vulnerabilities, in this case we were unable to inform our customers of the issue sooner, resulting in less advance warning. However, please be aware that if you have not yet received any communication by email from us, then you were not affected by this vulnerability and maintenance.

On Wednesday, December 21, 2016, between 06:00 and 09:00 UTC (i.e. between 10:00 PM PST on Tuesday, December 20, 2016, and 1:00 AM PST on Wednesday, December 21, 2016), we will be automatically upgrading all affected servers. We will be doing our best to keep downtime to a minimum during this period.

We will also be sending a post-maintenance notification to all affected customers, asking them to verify that all services hosted on their servers are up and running properly.

If you should still have questions or if you have any problems, you should of course feel free to contact our Customer care team.