Today, a new speculative execution attack affecting Intel processors was announced. The attack uses the Microarchitectural Data Sampling ("MDS") approach, and has been nicknamed "ZombieLoad" by the security community.
To protect customer environments against this vulnerability, our Reliability Team is scheduling the re-launch of customer containers and utility services (e.g., build instances, ephemeral SSH servers) on new EC2 instances that have been updated to the latest Linux kernel, which contains a mitigation against this attack.
To begin, the most vulnerable instances will be replaced — i.e., instances in shared environments where arbitrary code may be run. These include:
• App instances
• Build instances (where Docker images are built)
• Bastion instances (where ephemeral `aptible ssh` containers run)
The replacement operation should incur no downtime for your apps, but it will require that we run `aptible restart` (a zero-downtime operation) on each app in your shared environments.
We will continue to update this status page as we proceed with the patching process. We expect to begin replacing instances within the next 18 hours.
Here are a couple of relevant links to learn more about this vulnerability: