I didn’t intend for this to become a security blog. Well okay, I didn’t mean for this to become an exclusively security blog.

In the midst of Shellshock, Amazon announced they’d be rebooting a series of their EC2 instances. The company didn’t comment on why. Over the weekend, Rackspace followed suit. Infrastructure providers around the world proceeded to raise their collective eyebrows. One company doing this is unusual. Two without detail may be cause for concern.

The consensus seems to be (citation needed?) its in response to a Xen hypervisor update. From the XSA-108 advisory:

(Prereleased, but embargoed).

According to the Xen Project security policy page, Amazon and Rackspace are among the companies with pre-release access to this information.

Those are the facts. With some lovely conjecture, we can assume these teams have access to a patch which required a reboot. Both Amazon and Rackspace are known to run very old versions of Xen too, so perhaps this only affects such versions.

We’ll all know more later this week.