The Channel logo


By | Darren Pauli 25th September 2014 07:31

Xen security bug, you say? Amazon readies GLORIOUS GLOBAL CLOUD REBOOT

While we wait until Oct 1 for hypervisor fix

Amazon will tomorrow begin a bloody global reboot of its Elastic Compute Cloud (EC2) compute instances after it found a security bug within the Xen virtualisation platform.

The rolling minutes-long reboots would be completed by 30 September. Amazon did not name the reason for the upgrade, widely thought to be a security issue affecting underlying hosts.

Tech site ITNews cited an unnamed source who said the reboot was due to an unspecified vulnerability in the open-source Xen-108 platform. Later, Xen and Amazon confirmed a fix for a non-disclosed security flaw is due to be released on October 1.

Reboots made prior to the patch blitz would not guarantee connection to a patched host unlike previous maintenance updates.

Thorsten von Eicken, founder of Rightscale which manages AWS work loads, said EC2 users should monitor their 'events' page within the AWS console for the most reliable updates.

"For instances where a short reboot is safe and acceptable, you don’t need to do anything: They will simply reboot during maintenance and stay on the same host with the same ephemeral disks and the same IP address," von Eicken said.

"For databases, if you have set up the recommended master-slave configuration across AZs, you have the option to reboot the impacted AZ ahead of the maintenance window in an attempt to get an instance that is already patched."

Instance types including T1, T2, M2, R3, and HS1 were not affected. The reboots will occur during September 26 at 2:00 UTC/GMT (September 25, at 7:00 PM PDT) and ending on September 30, at 23:59 UTC/GMT (September 30, at 4:59 PM PDT). ®

comment icon Read 13 comments on this article or post a comment alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe