Six Xen Security Advisories were announced today, including at least one potential privilege escalation. We already patched five of them, though we were not vulnerable to all of them.

The sixth, XSA-273 L1 Terminal Fault speculative side channel, was published without an embargo period. While we’ve already implemented some of the requirements for mitigation, the actual software updates were not available until today and we don’t have them in place yet.

This vulnerability is an information disclosure and not a direct privilege escalation. There is no known public exploit yet. We expect to complete the mitigation within the next few weeks. You will receive a notice of when this is scheduled for your VPS and if any downtime or reboot is expected.