Yesterday, a new speculative execution attack affecting Intel processors was announced, named "L1 Terminal Fault" (L1TF) by Intel, and nicknamed "Foreshadow" by the security community.
To ensure that customer environments are protected against this vulnerability, our Reliability Team is beginning to re-launch customer containers and utility services (e.g., build instances, ephemeral SSH servers) on new EC2 instances that have been updated to the latest Linux kernel, which contains the Page Table Entry (PTE) Inversion mitigation against the L1TF attack.
To begin, the most vulnerable instances will be replaced — i.e., instances in shared environments where arbitrary code may be run. These include:
* App instances
* Build instances (where Docker images are built)
* Bastion instances (where ephemeral `aptible ssh` containers run)
The replacement operation should incur no downtime for your apps, but will require that we run `aptible restart` (a zero-downtime operation) on each app in your shared environments.
We will continue to update this status page as we proceed with the patching process.
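As an added example (not part of this notice or of Aptible's tooling), the shell functions below classify the L1TF status that a Linux kernel reports in sysfs, so a host can be checked for the PTE Inversion mitigation mentioned above. The function names and the returned labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify the L1TF status line exposed by the Linux kernel.
# The sysfs path is the standard kernel location; the function names and
# the labels printed (mitigated, vulnerable, ...) are this example's own.

L1TF_SYSFS=/sys/devices/system/cpu/vulnerabilities/l1tf

# classify_l1tf STATUS
#   STATUS is the text read from the l1tf sysfs file (empty if unreadable).
#   Prints one of: not-affected, mitigated, vulnerable, unknown.
classify_l1tf() {
    case "$1" in
        "")                 echo "unknown" ;;       # no status available
        "Not affected"*)    echo "not-affected" ;;  # CPU does not have the bug
        *"PTE Inversion"*)  echo "mitigated" ;;     # kernel inverts non-present PTEs
        "Vulnerable"*)      echo "vulnerable" ;;    # affected CPU, no mitigation
        *)                  echo "unknown" ;;       # unrecognised wording
    esac
}

# check_host [PATH]
#   Reads the status file (default: the real sysfs path) and classifies it.
#   A missing file means the kernel predates this reporting interface, so
#   the mitigation cannot be confirmed and the result is "unknown".
check_host() {
    path="${1:-$L1TF_SYSFS}"
    if [ -r "$path" ]; then
        status=$(cat "$path")
    else
        status=""
    fi
    classify_l1tf "$status"
}
```

Calling `check_host` with no argument on a Linux host prints the classification for that host; anything other than `mitigated` or `not-affected` means the kernel should be looked at.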
Here are a few relevant links to learn more about this vulnerability: