As you may have heard, a recent vulnerability was uncovered in QEMU, the software that drives virtualization on our hypervisors. This vulnerability bears the CVE number CVE-2015-3456 and was dubbed Venom (more details).

We take security very seriously at Exoscale, and while no known exploit exists for this vulnerability, we have ensured that our hypervisors are not permeable to this attack.

What does this mean to you? We would advise you to stop and restart your virtual machines from the API or our portal so that they are ran against the latest version of the QEMU code to ensure maximum safety. Please note that rebooting instances will not be sufficient.