Linode Forum
Linode Community Forums 		 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic

Board index » Linux Community Forums » General Discussion
  Previous topic | Next topic 
Author Message
reaktor
 Post subject: XSA-108 and linode?
PostPosted: Thu Sep 25, 2014 10:15 am 
Offline
Senior Member

Joined: Sat Jun 12, 2010 4:53 pm
Posts: 77
Is linode affected by the Xen security vuln that is currently unannounced (edit: but embargoed)? AWS is forcing reboots for customers over the next few days.

XSA-108

http://xenbits.xen.org/xsa/


Last edited by reaktor on Thu Sep 25, 2014 10:56 am, edited 2 times in total.

Top
   
Reply with quote  
Guspaz
 Post subject: Re: XSA-108 and linode?
PostPosted: Thu Sep 25, 2014 10:33 am 
Offline
Senior Member
User avatar

Joined: Tue May 26, 2009 3:29 pm
Posts: 1691
Location: Montreal, QC
Hard to know if they're affected by a security vulnerability that hasn't been announced. It could be in a component that Linode isn't using, or triggered by a use case that isn't relevant, or for a version of Xen that Linode isn't using...
Top
   
Reply with quote  
reaktor
 Post subject: Re: XSA-108 and linode?
PostPosted: Thu Sep 25, 2014 11:30 am 
Offline
Senior Member

Joined: Sat Jun 12, 2010 4:53 pm
Posts: 77
Guspaz wrote:
Hard to know if they're affected by a security vulnerability that hasn't been announced.


Clarifying just for you: (Prereleased, but embargoed)
Top
   
Reply with quote  
mmagin
 Post subject: Re: XSA-108 and linode?
PostPosted: Thu Sep 25, 2014 12:16 pm 
Offline

Joined: Thu Sep 25, 2014 12:14 pm
Posts: 1
I see that they're on the predisclosure list:
http://www.xenproject.org/security-policy.html

Amazon is already requiring guest reboots... hopefully we can either start seeing similar or some official update as to why Linode is not vulnerable.
Top
   
Reply with quote  
caker
 Post subject: Re: XSA-108 and linode?
PostPosted: Thu Sep 25, 2014 1:26 pm 
Offline
Linode Staff
User avatar

Joined: Tue Apr 15, 2003 6:24 pm
Posts: 3090
Website: http://www.linode.com/
Location: Galloway, NJ
Hello,

We have neither a requirement, nor any plans to perform a rebooting of Linode hosts, on any scale, in the near term.

Carry on!

-Chris
Top
   
Reply with quote  
padders
 Post subject: Re: XSA-108 and linode?
PostPosted: Wed Oct 01, 2014 8:22 am 
Offline
Newbie

Joined: Tue Jan 07, 2014 8:19 am
Posts: 2
Advisory has been released: http://xenbits.xen.org/xsa/advisory-108.html
Top
   
Reply with quote  
centminmod
 Post subject: Re: XSA-108 and linode?
PostPosted: Wed Oct 01, 2014 1:44 pm 
Offline
Junior Member

Joined: Tue Apr 01, 2014 12:45 pm
Posts: 29
Website: http://centminmod.com
Location: Brisbane, Australia
caker wrote:
Hello,

We have neither a requirement, nor any plans to perform a rebooting of Linode hosts, on any scale, in the near term.

Carry on!

-Chris

so is Linode VPS not affected ?

_________________
* Centmin Mod Nginx menu based auto installer (Nginx, PHP-FPM, MariaDB MySQL) :: Centmin Mod LEMP Stack - What's New
Top
   
Reply with quote  
centminmod
 Post subject: Re: XSA-108 and linode?
PostPosted: Wed Oct 01, 2014 1:46 pm 
Offline
Junior Member

Joined: Tue Apr 01, 2014 12:45 pm
Posts: 29
Website: http://centminmod.com
Location: Brisbane, Australia
ok seems only x86 is vulnerable i believe https://www.webhostingtalk.com/showpost ... stcount=13

Quote:
VULNERABLE SYSTEMS
==================

Xen 4.1 and onward are vulnerable.

Only x86 systems are vulnerable. ARM systems are not vulnerable.

MITIGATION
==========

Running only PV guests will avoid this vulnerability.

_________________
* Centmin Mod Nginx menu based auto installer (Nginx, PHP-FPM, MariaDB MySQL) :: Centmin Mod LEMP Stack - What's New
Top
   
Reply with quote  
pclissold
 Post subject: Re: XSA-108 and linode?
PostPosted: Thu Oct 02, 2014 2:28 am 
Offline
Senior Member
User avatar

Joined: Fri Oct 24, 2003 3:51 pm
Posts: 965
Location: Netherlands
Only Xen HVM is affected. Linode uses PV.

_________________
/ Peter
Top
   
Reply with quote  
Display posts from previous:  Sort by  
Post new topic  Reply to topic

Board index » Linux Community Forums » General Discussion


Who is online

Users browsing this forum: No registered users and 4 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group