XSA-108 and linode?

Is linode affected by the Xen security vuln that is currently unannounced (edit: but embargoed)? AWS is forcing reboots for customers over the next few days.

XSA-108

http://xenbits.xen.org/xsa/

8 Replies

Hard to know if they're affected by a security vulnerability that hasn't been announced. It could be in a component that Linode isn't using, or triggered by a use case that isn't relevant, or for a version of Xen that Linode isn't using…

@Guspaz:

Hard to know if they're affected by a security vulnerability that hasn't been announced.

Clarifying just for you: (Prereleased, but embargoed)

I see that they're on the predisclosure list:

http://www.xenproject.org/security-policy.html

Amazon is already requiring guest reboots… hopefully we can either start seeing similar or some official update as to why Linode is not vulnerable.

Linode Staff

Hello,

We have neither a requirement, nor any plans to perform a rebooting of Linode hosts, on any scale, in the near term.

Carry on!

-Chris

Advisory has been released: http://xenbits.xen.org/xsa/advisory-108.html

@caker:

Hello,

We have neither a requirement, nor any plans to perform a rebooting of Linode hosts, on any scale, in the near term.

Carry on!

-Chris
so is Linode VPS not affected ?

ok seems only x86 is vulnerable i believe https://www.webhostingtalk.com/showpost … stcount=13">https://www.webhostingtalk.com/showpost.php?p=9251678&postcount=13

> VULNERABLE SYSTEMS

==================

Xen 4.1 and onward are vulnerable.

Only x86 systems are vulnerable. ARM systems are not vulnerable.

MITIGATION

==========

Running only PV guests will avoid this vulnerability.

Only Xen HVM is affected. Linode uses PV.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct