Skip to main content
View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Explore Blog
Categories
14
  1. Cloud Consulting Services
    4
  2. Cloud Overviews
    50
  3. Compute
    15
  4. Containers (Kubernetes, Docker)
    33
  5. Databases
    19
  6. Developer Tools
    37
  7. Linode
    254
  8. Linux
    69
  9. Multicloud
    4
  10. Networking
    32
  11. Open Source
    6
  12. Partner Network
    7
  13. Security
    60
  14. Storage
    22
Authors 53
  1. Austin Gil 1
  2. Abe Massry 2
  3. Al Newkirk 1
  4. Alexander Newnham 2
  5. Andrew Sauber 1
  6. Andrew Stebbins 2
  7. Andy Stevens 5
  8. Bradley LaBoon 1
  9. Blair Lyon 11
  10. Billy Thompson 10
  11. Christopher Aker 176
  12. Cassie Bubnis 1
  13. Daniele Polencic 4
  14. David Monschein 2
  15. David Rodriguez 1
  16. Dan Spataro 2
  17. Elvis Segura 1
  18. Gardiner Bryant 1
  19. Holden Morris 4
  20. Hillary Wilmoth 67
  21. Jim Ackley 5
  22. Jessica Capuano Mora 1
  23. Justin Cobbett 15
  24. Jon Frederickson 1
  25. Jonathan Hill 2
  26. Justin Mitchel 4
  27. James Steel 5
  28. Jamie Sherkness 8
  29. Linode 52
  30. Linode Events 8
  31. The Linode Security Team 122
  32. The Linode Network & Security Teams 1
  33. LINQ 1
  34. Leslie Salazar 1
  35. Michelle Berg 1
  36. Mitch Donaberger 1
  37. Mike Fischler 1
  38. Mike Maney 10
  39. Maddie Presland 18
  40. Mike Quatrani 4
  41. Nathan Melehan 2
  42. Nigel Poulton 1
  43. Prasoon Pushkar 1
  44. Rick Myers 7
  45. Richard Tubb 1
  46. Sal Carrasco 1
  47. Salman Iqbal 1
  48. Shawn Michels 1
  49. Linode Support 13
  50. Tom Asaro 18
  51. Travis Baka 1
  52. Talia Nassi 8
  53. Yuri Goldfeld 1
BlogLinuxXen Security Advisories and How We Handled Them

Xen Security Advisories and How We Handled Them

Christopher Aker
Christopher Aker
June 13, 2012

The Xen security team recently made public three security advisories regarding the Xen Hypervisor. Linode customers are not affected by the issues outlined in the advisories due to proactive maintenance performed by Linode over the past few weeks.

  • XSA-7 – 64-bit PV guest privilege escalation vulnerability
  • XSA-8 – guest denial of service on syscall/sysenter exception generation
  • XSA-9 – PV guest host Denial of Service (AMD erratum #121)

The Xen blog has a really nice writeup on the issue.

Having to deal with advisories like these is just part of our industry. One of our challenges in just about everything is our scale. Suddenly a required update means wrangling thousands of machines and causing a huge disruption for our customers.

These specific advisories had the potential to affect our entire fleet, however we were able to devise a clever plan which put the number of affected Linodes into the minority. The plan combined: 1) A rush to deploy additional capacity reserves across all facilities 2) a reboot/upgrade of only the hosts that would recover the most capacity, and 3) an automated migration queue of only the remaining affected Linodes onto the good capacity. As a result, the majority of customers were unaffected by this maintenance.

Almost everyone in the entire company had a hand in this effort – kudos to the entire team for making this as seamless and streamlined as possible.

-Chris

You might also like...

The lsof Command with Jay LaCroix

List Open Files and Users Accessing Them on Your System | Using lsof for System Administration

In this video, Jay breaks down the lsof command and unmasks hidden processes by showing you open files and users utilizing them.
Linux
Jay LaCroix and Linux Instance Hardware Commands

Linux Hardware Commands | How To Inspect Hardware on A Linux Instance

In this video, Jay explains various hardware commands to use on your Linux command line, such as lsusb, lspci, lshw, lscpu and lsblk.
Linux
Using the top Command with Jay LaCroix

Understanding Linux System Performance | The Top Command

In this video, @LearnLinuxTV explains the top command, a useful tool for displaying Linux system information and processes.
Linux

Comments (11)

  1. Author Photo
    Keith

    Awesome work, Linode!

    Reply
  2. Author Photo
    Mathieu Bourgie

    This is exactly why I’m with Linode. You guys take care of things seamlessly and I don’t have to worry about my server 🙂

    Keep up the excellent work Linode!

    Reply
  3. Author Photo
    Anurag

    A pat on the back for the team!

    Reply
  4. Author Photo
    Jordan

    Nice – I never even noticed.

    Reply
  5. Author Photo
    Jeremy

    Thank you Linode, you handled this very nicely.

    Reply
  6. Author Photo
    Michael

    It had a very modest impact on us, but we did wonder why only a small percentage of our linodes were affected by what we deduced was a security patch. Thanks for the explanation.

    Reply
  7. Author Photo
    Matt

    Well done Linode, awesome!

    Reply
  8. Author Photo
    WindPower

    Well done, and happy almost-birthday Linode!

    Reply
  9. Author Photo
    Nick Kampe

    Nice, I think you handled this well, however, my systems administrator does not.

    Reply
  10. Author Photo
    kuteninja

    Awesome work, couldn’t love you guys more

    Reply
  11. Author Photo
    Matt Rosin

    Undiluted, pure awesomeness.
    Consistent excellence!
    I read about the vulnerability on Slashdot, clicked over to Linode and “yup it’s already fixed”. There is a huge amount of dedication and effort over time that enables you to say that.
    I thank my lucky stars the day I joined Linode.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *