Tag Archives: security

Dirty Cow: Restarting all VMs

All VMs are currently affected by the “Dirty Cow” kernel bug. The upcoming release 2016_034 contains a kernel update which upgrades Linux to the unaffected version 4.4.28. As usual, the kernel update requires to reboot all VMs.

Schedule:

  • Tue 15 through Thu 17 November 2016: reboot staging VMs
  • Thu 17 through Thu 24 November 2016: reboot productive VMs.

VM reboots will be scheduled along the agreed maintenance windows. We will piggy-back a Qemu binary environment update which would require a separate reboot otherwise.

Vulnix v1.0 release

Intro

Back in May I introduced you to the development of vulnix, a tool which initially was done to find out whether a system (might) be affected by a security vulnerability. It does this by matching the derivations name with the product and version specified in the cpe language of the so-called CVEs (Common Vulnerabilities and Exposures). In the meantime we introduced the tool to the community at the Berlin NixOS Meetup and got some wonderful input in which directions we might extend the features. We sprinted the next two days to improve the code quality and broaden the feature set.

Continue reading Vulnix v1.0 release

OpenSSH Triple 7 Bug — a good chance to upgrade your keys

OpenSSH is a very common used tool in server administration and secure data transfer between servers and/or clients. It’s deployed on a wide range of servers, clients, routers, mobile phones and possibly even on your DVD player. Unfortunately it’s a software which is having bugs, too. This is about the Triple 7 bug, why you should generate new SSH-keys and how to do this.

Continue reading OpenSSH Triple 7 Bug — a good chance to upgrade your keys

VENOM’s little brother is here – another Qemu security upgrade required

A new Qemu vulnerability has been discovered recently. We are going to proactively reboot all VMs during the next days.

Update 2015-08-05: The VM restarts will be performed during maintenance windows according to every customers’ schedule tonight.  We decided to skip the regular lead time due to the importance of this update and to speed up another important update to our storage and backup infrastructure. We are paying close attention to keep your applications and your data safe, especially after the events in recent months. The current and upcoming changes belong to the promised updates, upgrades, and improvements to our infrastructure in response to those outages.

Continue reading VENOM’s little brother is here – another Qemu security upgrade required