All VMs are currently affected by the “Dirty Cow” kernel bug. The upcoming release 2016_034 contains a kernel update which upgrades Linux to the unaffected version 4.4.28. As usual, the kernel update requires rebooting all VMs.
- Tue 15 through Thu 17 November 2016: reboot staging VMs
- Thu 17 through Thu 24 November 2016: reboot production VMs.
VM reboots will be scheduled within the agreed maintenance windows. We will piggy-back a Qemu binary environment update, which would otherwise require a separate reboot.
Back in May I introduced you to the development of vulnix, a tool which was initially written to find out whether a system is (or might be) affected by a security vulnerability. It does this by matching the derivation name against the product and version specified in the CPE language of the so-called CVEs (Common Vulnerabilities and Exposures). In the meantime we introduced the tool to the community at the Berlin NixOS Meetup and got some wonderful input on the directions in which we might extend its features. We sprinted for the next two days to improve the code quality and broaden the feature set.
Continue reading Vulnix v1.0 release
OpenSSH is a very commonly used tool in server administration and for secure data transfer between servers and/or clients. It’s deployed on a wide range of servers, clients, routers, mobile phones and on your DVD player. Unfortunately it is software which has bugs, too. This post is about the Triple 7 bug, why you should generate new SSH keys and how to do this.
Continue reading OpenSSH Triple 7 Bug — a good chance to upgrade your keys
A new Qemu vulnerability has been discovered recently. We are going to proactively reboot all VMs during the next days.
Update 2015-08-05: The VM restarts will be performed tonight during maintenance windows according to every customer’s schedule. We decided to skip the regular lead time due to the importance of this update and to speed up another important update to our storage and backup infrastructure. We are paying close attention to keeping your applications and your data safe, especially after the events in recent months. The current and upcoming changes belong to the promised updates, upgrades, and improvements to our infrastructure in response to those outages.
Continue reading VENOM’s little brother is here – another Qemu security upgrade required
We are currently rolling out an updated version of Qemu which includes a bugfix for the VENOM vulnerability. To activate it, we have to reboot all VMs.
Continue reading VENOM: We need to reboot all VMs
A few days ago details of the Logjam attack were published. This attack makes it possible to trick Internet servers into using a weak TLS cipher suite. Once that has happened, the traffic encryption can easily be broken. What is the Flying Circus doing against it? To protect against the problem, several steps need to be taken:
Continue reading Logjam attack
OpenSSL today released a security update for various issues – including two high-severity ones.
Continue reading Upcoming OpenSSL update