read: http://www.xenproject.org/security-policy.html

they have a sensible, commonly used security policy that involves private notification to large customers in advance where it is practical and there is not evidence of ongoing exploits in the wild. this is kind of incident handling 101 and shouldn't be surprising to anyone.

t

On Wed, Oct 1, 2014 at 4:38 PM, Bryan Fullerton <fehwalker@gmail.com> wrote:
On 01/10/2014 4:29 PM, Matt Palmer wrote:
On Wed, Oct 01, 2014 at 11:01:37AM -0700, Grant Ridder wrote:
For those interested, this is the Xen bug they were fixing with the reboots http://xenbits.xen.org/xsa/advisory-108.html
Ouch. Good thing Bashpocalypse is still capturing everyone's attention...
Interestingly, Amazon *didn't* discover this bug, which makes one wonder why they, out of all the big Xen-based providers out there, got a heads-up in advance of the embargo end. If I was a big provider who didn't get advance notice, I'd be somewhat miffed.
Rackspace did reboots over the weekend for this as well - http://www.rackspace.com/blog/an-apology/
Bryan