Thank you for visiting the Rackspace Community
The Community is currently in read-only mode. All content is available, but the ability to post new content or topics is not available at this time.

Please contact your support team if you have a question or need assistance for any Rackspace products, services, or articles.

IMPORTANT NOTICE – QEMU "VENOM" Vulnerability

  • Hello,


    Thanks for contacting the community. The deadline for the Americas is 09:00 CDT on Thursday, 5/14/15; the deadline for International is 02:00 GMT on Friday, 5/15/15. Should they fail to do so by the deadline, we will power cycle their VM's for them per a defined operational schedule that we will publish to our Support teams within the next 24 hours.I hope this information was helpful. Let us know if you need further assistance and thanks for being a part of our community.

    John Regino
    3rd Shift After Hours
    Manager of Fanatical Support

  • I'm not sure I understand.  Let's assume I'm in the Americas where, at the time of writing, it is 0615 CDT on Thursday 14 May.  Now... you're operational schedule will be published in the next 24 hours - i.e. before 0600 CDT on Friday 15th May.  So if I don't reboot until 1100 CDT on Thursday I have missed your deadline, so will you reboot my server AGAIN according to your to-be-announced schedule?

    Sorry - hope that made sense.

    Mike

  • Howdy!

    I'm sorry to hear that the java console's been giving you so much grief. I've help a lot of our partners such as yourself with this but, there are several different reasons for this. The two that are most prominent are java security issues [1] and a blank console screen[2].

    [1] - This link typically helps to address the Java security issue

    https://www.java.com/en/download/faq/exception_sitelist.xml

    [2] - Blank console screen

    Just click in the console screen area and hit [ENTER] a few times and it should take you to the login screen.  

    If those suggestions aren't any help, or if you had any other questions or concerns please give us a call, chat or reach out via ticket to let us know and we'd be glad to do all we can to help!

  • Hi mkh,

    If you have already taken action on your end before the maintenance window, then your server(s) will not be be affected by the maintenance. We will be running checks on each host prior to taking action to ensure that we do not affect customers who took advantage of the self-service window.

  • Stuart Bankey
    We will be running checks on each host prior to taking action to ensure that we do not affect customers who took advantage of the self-service window.

    Is it possible for customers to use those checks to confirm that all of their systems have in fact been rebooted? We think we did, but it'd be nice to be sure.

  • jbscare
    Is it possible for customers to use those checks to confirm that all of their systems have in fact been rebooted? We think we did, but it'd be nice to be sure.

    +1.  We hard rebooted our affected instances late last night, but there's nothing to say that the reboots successfully solved the issue / fulfilled the requirements of the process.  I'd like to be able to confirm that our servers have been rebooted correctly and safely before it's too late.

    The fact that the list of instances contained many that have been deleted for months -- in fact, created and deleted during the reboot extravaganza in March -- makes me unconvinced that this is being dealt with very competently, to be honest.

  • Hey everyone - I wanted to share this updated test to run on your servers to determine if they still need to be rebooted. 

    if [ `zgrep -Ei 'xen|front' /var/log/dmesg* | grep 'HVM' | wc -l` -eq 0 ] ; then echo "SAFE (PV SERVER)" ; else reboot=$(date -u --date="`cat /proc/uptime | awk '{print $1}'` Seconds ago" +%s); if [[ $reboot > 1431421200 ]]; then echo "No additional reboot required"; else echo "You need to hard reboot"; fi ; fi
    

    This command will first determine if your server is impacted (PV - save vs PVHVM - impacted) and then determine when the last reboot occurred. If the server has not been rebooted since the patch was applied, it will return "You need to hard reboot." If the server has been rebooted after the patch, the message will be "No additional reboot required." 

    You'll need to run this on each server. I recommend using a tool like Ansible if you have several servers to check. 

    Thanks for your patience and understanding. 

    Alan Bush
    Technical Community Manager
    Rackspace Cloud

  • Hello Stuart,

    We have completed the hard reboot of our servers. We still see the notification on our Cloud servers panel which says "Critical Maintenance Notification: A portion of Cloud Server instances must be power cycled in an urgent maintenance. See the post in the Community for more details."

    I wanted to know if this message will be displayed even after we have completed a hard reboot, or is it an indication that I have not followed the steps correctly?

  • Hey Vikram,

    You are correct, that will appear in the control panel until the maintenance is all over.  It does not necessarily mean that you personally need to take any additional steps.

    Regards,

    Alison Oster
    Technical Community Manager

  • alanbush
    Hey everyone - I wanted to share this updated test to run on your servers to determine if they still need to be rebooted.

    Thanks Alan.  I'm glad I just ran this as it turns out that we've got a load more servers we need to reboot.

    It looks like the list of affected instances sent in the ticket were the original names of the instances, not the current names.  During the March mass reboot, we'd created many instances in the hope of creating some pre-patched ones, and then renamed them as needed.

    It might be worth cross-checking the list of affected instance names against their current names and notifying any customers who have renamed instances, as we have.

  • alanbush

    Hey everyone - I wanted to share this updated test to run on your servers to determine if they still need to be rebooted. 

    1
    if [ `zgrep -Ei 'xen|front' /var/log/dmesg* | grep 'HVM' | wc -l` -eq 0 ] ; then echo "SAFE (PV SERVER)" ; else reboot=$(date -u --date="`cat /proc/uptime | awk '{print $1}'` Seconds ago" +%s); if [[ $reboot > 1431421200 ]]; then echo "No additional reboot required"; else echo "You need to hard reboot"; fi ; fi

    That command looks like it just checks if the system has been rebooted at all; it doesn't seem like it would differentiate between a "hard' and a "soft" reboot. Is there more to it than that?

  • What timezone is used for reboot schedule? Message in Control Panel shows date and time, but not the timezone.

    CDT?

  • The times are CDT. I apologize for not having more info on them. We're working to get that included with the times.

    Thanks

    Alan Bush
    Technical Community Manager
    Rackspace Cloud

  • The listed times for my servers in the control panel are not acceptable.

    Can I still reboot on my own tonight?

    Can I have the times moved?

  • Hi there -


    You can reboot on your own any time before the automated power cycle occurs. We are not able to alter the automated power cycle times.

    Best,

    Alan Bush
    Technical Community Manager
    Rackspace Cloud