A new critical security vulnerability will be publicly announced Thursday, October 29. The Xen team has already communicated fixes to Gandi. This flaw is found in the Xen virtualization software.
Following this announcement we applied the necessary patches, thus reinforcing the existing security measures we had previously implemented. Over the past week, we have continued to study the vulnerability. As a preventive measure, we have decided that a reboot of Xen-based VMs is required in order to ensure that all possible attack vectors have been mitigated.
We will contact affected customers directly via email to provide instructions on performing the reboot on their own.This preventive reboot will not affect customers we did not contact.
We strongly recommend that customers concerned by this to restart their VMs themselves, in order for them to verify that all of their services have been correctly restarted.
We will reboot the VMs of affected customers (those which were not rebooted by their owner) from Thursday, October 22 until Wednesday, October 28. An outage of 30 minutes maximum is expected for each impacted VM.