Hi, Xen Security Advisories 410 and 411 came out of embargo today, after 2 weeks: https://xenbits.xen.org/xsa/ I've prepared updates for these and have been running them on test machines for nearly 2 weeks, but do not intend to force a reboot in order to deploy them on production machines. The reason for that is that the impact is denial of service but in our configuration it would be: a) only degraded performance, not overload to the point of unavailability; and b) noticed pretty quickly and offending VMs terminated The bugs are only exploitable by multiple VMs on the same machine acting together. In our setup the host machines have exclusive access to some number of CPU cores so guests can never starve the host machine of CPU. The fixes are ready to be included at next boot. Also disclosed today were XSA-409 which is only relevant to Arm architecture, and XSA-413 which is for XAPI, which we don't use. Thanks, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting