Hello,
As you're probably aware, it turns out that pretty much every CPU
made in the last 10 years is broken, and while this affects almost
all computers, this is going to have a particularly nasty effect on
virtualisation providers such as BitFolk.
The Xen project last night released the first version of their
advisory which is XSA-254:
https://xenbits.xen.org/xsa/advisory-254.html
This is with no embargo, because the original embargo had to be
abandoned by the discoverers of the bugs.
As you can see, unfortunately the Xen project have no resolutions
for any of this available as yet.
There's three different issues here:
1. SP1/Spectre (CVE-2017-5753)
2. SP2/Spectre (CVE-2017-5715)
3. SP3/Meltdown (CVE-2017-5754)
There isn't any known resolution for (1) yet.
Xen are working on mitigations for (2).
It's possible to avoid (3) by going to HVM mode, but that is a huge
change that brings other problems with it. It can also be avoided by
running in PVH mode, but very few guest kernels will be new enough
to support that. Xen are hoping to come up with a way to run
PV-inside-PVH but they're not ready with that yet.
There will likely be other strategies to fix or mitigate these
issues in the coming days.
So I'm afraid there currently is no concrete plan because there is
very little information available yet. All I can tell you is that
there will be a need for short-notice reboots to apply relevant
fixes. I will post again when there is any useful information.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
announce mailing list
announce(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/announce