Xen security vulnerability XSA-108 26 Sep 14
We’ve had a few queries about an upcoming Xen security vulnerability announcement (XSA-108). Amazon have been reportedly forcing reboots of some of their EC2 instances, citing some Xen security updates but the exact details are currently not public, but Xen have an upcoming advisory listed as embargoed until October 1st.
There are several fully public Xen vulnerabilities that were published recently that affect only HVM guests, which Amazon use but we do not (we use PV guests only). We suspect the upcoming vulnerability will likely be related to HVM guests only and will not affect Brightbox.
However, we’re monitoring the situation and are making preparations for the possibility that we are affected. Once details are public next week, we’ll announce our plans.
UPDATE: As we suspected, the XSA-108 applies only to HVM guests and not PV guests. This means the Brightbox Ruby platform is not affected by this security bug. The Brightbox Cloud platform uses an entirely different virtualisation system (KVM) so is also unaffected by this.