Text only | Text with Images

Charlottezweb

Charlottezweb Hosting => Server Updates & Outages => Topic started by: Jason on July 27, 2015, 06:52:34 PM

Title: July 27, 2015 :: Emergency Security Rebots; All Servers
Post by: Jason on July 27, 2015, 06:52:34 PM
I'm in the process of rebooting all servers following a security patch implemented by our datacenter. 

I will update this thread further upon completion.

Thanks,
Jason

-------------
marking complete
-Jason
Title: Re: July 27, 2015 :: Emergency Security Rebots; All Servers
Post by: Jason on July 27, 2015, 07:08:08 PM
All servers are complete except for Wildfire. We're looking into it now.
Title: Re: July 27, 2015 :: Emergency Security Rebots; All Servers
Post by: Jason on July 27, 2015, 07:29:56 PM
Wildfire is back online which concludes our reboots.

Thank you for the unexpected interruption in service. This is one of those scenarios where scheduling it for a later time may be counter-productive for security.

It was very brief for most servers -- under 3-5 minutes --- (except for a bit longer for Wildfire) but is a necessary precaution for overall security.

Below is more technical information on the patch and reboot requirement for those interested. 

Thank you for your patience and business!

--------
Quote
Information on CVE-2015-5154 was made public on July 27, 2015. The vulnerability is in QEMU, a generic and open source machine emulator and virtualizer that is utilized by Xen, KVM, and other modern hypervisors / virtualization platforms.
Impact

Specifically a flaw with how QEMU's IDE subsystem handles buffer access while processing certain ATAPI commands, exploitation can allow for the execution of arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
Summary

    Made public on July 27, 2015
    This flaw exploits QEMU, a generic and open source machine emulator.
    Allows for an attacker to execute arbitrary code outside of their own virtual machine.

Resolution

A patch is available, and Liquid Web's Heroic Support has proactively scheduled a reboot to patch all affected servers.

Red Hat states:

    A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.

Further information may be available at: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5154

Regards,
Jason
Text only | Text with Images