XSA-108 and linode?

Hard to know if they're affected by a security vulnerability that hasn't been announced. It could be in a component that Linode isn't using, or triggered by a use case that isn't relevant, or for a version of Xen that Linode isn't using…

@Guspaz:

Hard to know if they're affected by a security vulnerability that hasn't been announced.

Clarifying just for you: (Prereleased, but embargoed)

I see that they're on the predisclosure list:

http://www.xenproject.org/security-policy.html

Amazon is already requiring guest reboots… hopefully we can either start seeing similar or some official update as to why Linode is not vulnerable.

Hello,

We have neither a requirement, nor any plans to perform a rebooting of Linode hosts, on any scale, in the near term.

Carry on!

-Chris

Advisory has been released: http://xenbits.xen.org/xsa/advisory-108.html

@caker:

Hello,

We have neither a requirement, nor any plans to perform a rebooting of Linode hosts, on any scale, in the near term.

Carry on!

-Chris
so is Linode VPS not affected ?

ok seems only x86 is vulnerable i believe https://www.webhostingtalk.com/showpost … stcount=13">https://www.webhostingtalk.com/showpost.php?p=9251678&postcount=13

> VULNERABLE SYSTEMS

==================

Xen 4.1 and onward are vulnerable.

Only x86 systems are vulnerable. ARM systems are not vulnerable.

MITIGATION

==========

Running only PV guests will avoid this vulnerability.

Only Xen HVM is affected. Linode uses PV.