host600.rimuhosting.com is not responding after the host software upgrade.  We are investigating.

Update @UTC Mar 4 1320: We are scheduling host servers for the upgrade.  See http://rimuhosting.com/cp/hsupgrades.jsp (edit: corrected url) for a list of your affected servers.  If your server is not currently scheduled for an update, then we will schedule that at a later date.  We will email you when we add one of your host servers to the schedule.  Please bear with us as we attempt to get these hosts patched as quickly as possible.

Issue: There are some security issues affected Xen hosts (and thus the VMs that run on those hosts) per http://xenbits.xen.org/xsa/

The details are embargoed meaning that the details of the issue cannot be made public.  RimuHosting is on a 'predisclosure' list so we are privy to the details of those issues (and the fixes).  However we are not permitted to disclose any details to our customers (while the issues remain embargoed).

Impact: This affects VMs hosted with us (including those on dedicated host servers).  It excludes regular dedicated servers not running the Xen hypervizor.

Course of action: We will be applying those fixes.  To do that we will stop VMs on a Xen host, install the updated packages and restart the host server.  VMs will come up after the reboot.  Typically it will take 20-60 minutes of downtime to complete this process.

Timing: Because of the nature of the problem we will be doing restarts around the clock on affected hosts.  We will attempt to do those, where possible, outside of business hours at the host server data center location.

We will be updating this notice with more information as our planning and the rollout of the fixes progresses.  Please subscribe to this notice to receive further updates.

We are upgrading the hosting stacks on some of our virtual machine host servers. This includes host905 virtual machine's hypervisor host.

The upgrade updates the host server distro and virtualization software to the most current version.  It does not change your server's distro version or disk image or IP.

The upgrade requires about 1 hour of downtime.

Your host server upgrade is scheduled to be performed on Saturday from 8am to 4pm AEST

If the upgrade time and date does not suit you, your are always welcome to move your VPS to another host at your convenient schedule with the rimuhosting control panel, this can be done at: https://rimuhosting.com/cp/vps/move.jsp

(ip address will change almost for sure)

The best candidates hosts for the move are host996 and host1263, these are already in the latest version.

If you have any questions, please let us know by sending an email to support(at)rimuhosting.com

Else pop into live chat at http://rimuhosting.com/chat.jsp and we can co-ordinate timing with you.

We are upgrading the hosting stacks on some of our virtual machine host servers. This includes host884 virtual machine's hypervisor host.

The upgrade updates the host server distro and virtualization software to the most current version.  It does not change your server's distro version or disk image or IP.

The upgrade requires about 1 hour of downtime.

Your host server upgrade is scheduled to be performed on Saturday from 8am to 4pm AEST

If the upgrade time and date does not suit you, your are always welcome to move your VPS to another host at your convenient schedule with the rimuhosting control panel, this can be done at: https://rimuhosting.com/cp/vps/move.jsp

(ip address will change almost for sure)

The best candidates hosts for the move are host996 and host1263, these are already in the latest version.

If you have any questions, please let us know by sending an email to support(at)rimuhosting.com

Else pop into live chat at http://rimuhosting.com/chat.jsp and we can co-ordinate timing with you.

RimuHosting autopatch/deghost updates

@UTC Wed 4 Feb 0619:

We have created a 'deghost' script (http://github.com/pbkwee/deghost) to update the glibc packages.

Its key function is to tidy up apt and yum repositories if they are out of date, and to yum/apt install the libc library.  It typically works great on Squeeze, Wheezy, Canonical-supported Ubuntus, and Centos 5+

We are running this on customer servers.  When that completes you will be able to see the results at http://rimuhosting.com/cp/serverpatchstate.jsp

To opt out of the auto patch, please reply to the email we had sent.  If you have already patched the server, please do not reply to that email unless you do not wish us to touch your server (since the deghost script would not do anything if your server is already patched).

Even after the library is patched servers need to be restarted (so running programs using the old libc can be reload with the new libc).  You can do that for a VM at http://rimuhosting.com/cp/vps/restart.jsp

Please subscribe to this notice to receive updates.

ghost glibc vulnerabilty

There is a vulnerability in most versions of the ubiquitous glibc library (which is used by most server binaries: sshd, mysql, ntp, apache, etc)

http://chargen.matasano.com/chargen/2015/1/27/vulnerability-overview-ghost-cve-2015-0235.html
http://www.openwall.com/lists/oss-security/2015/01/27/9
https://security-tracker.debian.org/tracker/CVE-2015-0235

Patching the vulnerability

For modern, supported Debian and Ubuntu distros you can simply run apt-get update; apt-get install libc6

On Centos distros you can run yum install glibc.

This should work fine on Centos 7, Centos 6, Centos 5, Debian 7.  And Debian 6 if you are using the lts repositories.

Ubuntu 14.04 is not affected.  Supported Ubuntus per http://en.wikipedia.org/wiki/List_of_Ubuntu_releases#Table_of_versions should also have an update.

You can manually run our deghost script by SSH-ing into your server (as root).  Then running:

wget https://raw.githubusercontent.com/pbkwee/deghost/master/deghost.sh
bash deghost.sh

If you are running an unsupported Ubuntu distro or Debian Lenny (also unsupported) you can use the bash deghost.sh --break-eggs option to attempt to do a dist-upgrade to a stable version.

Thu, 5 Mar 2015 22:47 PM UTC: This host is back online and all VPSs are started.

host996.rimuhosting.com is not pinging after the scheduled host server ugprade.  We are investigating.

Tue, 3 Mar 2015 03:47 AM UTC: This work was completed to schedule

There will be a scheduled four (4) hour maintenance window on Monday, March 2 at 5:00pm AEST (0700 UTC). This will impact DNS queries to the following (older) DNS resolvers...

ns1.net.au (202.125.32.4)
ns2.net.au (202.125.32.5)

This notification is just a precaution; as the datacenter is working on one server at a time requests should fail over gracefully to other resolvers. That could however temporarily slow down performance of some services on your server.

If you are using the above DNS servers, and would like to change those in advance of this work, you can use the new cluster provided by the datacenter, with IPs 223.252.100.115 & 223.252.100.116. Also, good resolvers are provided by Google (8.8.8.8 and 8.8.4.4). Or you can use alternate DNS resolvers of your own choice.

You can check which resolvers your server is using by looking at the contents of /etc/resolv.conf

If you need more information or assistance with anything mentioned in this notice please open a support ticket with details via https://rimuhosting.com/ticket/startticket.jsp