Mass Xen for Amazon?
Does this mean that there'll be a mass reboot of AWS VMs again?
The Xen Project has issued eight security advisories for its open source hypervisor. XSA-195 is considered the most serious of the eight, as it could allow memory modification, resulting in arbitrary code execution, a crash of the host, or information exposure. According to the Xen Project, XSA-195 (CVE-2016-9383) is …
This post has been deleted by its author
God, I hate articles like this, which sound very alarmist when you first read them, but once you investigate even a tiny bit (and to do this you will have to follow all the links) turn out to be a storm in a teacup. So get patching, but don't panic. Happy Thanksgiving!
The Advisory of XSA-195 does state in the credits that the bug was discovered by running American Fuzzy Lop v2.35b. I also found it interesting that the Qubes team (nearly) praise the Xen team in their security bulletin: that's kind of new and unusual. It is also reassuring that the Xen team now does some targeted security testing and harding towards the end of making a release.