We will be carrying out emergency maintenance work early tomorrow morning (Tuesday 27th June) within the 1am – 4am maintenance window. This work will affect a wide range of customers and is outlined below. Please read on to understand how it will affect you.
A class of vulnerability has been discovered in the Linux kernel, based on a technique known as stack clashing (in simple terms, wreaking havoc by causing one area of memory, the stack, to overwrite another, the heap). Modern operating systems include mitigations against this type of vulnerability, but it seems that these are less effective than previously thought, and many exploits are still possible in spite of them. The released exploits are all local privilege escalations, allowing unprivileged local users (or anyone able to execute code as one through a remote code execution vulnerability) to obtain full root privileges. As this is a wide-ranging vulnerability, there are a number of related CVEs, and updates have been made available for several different packages. The vulnerability affects all recent versions of CentOS, Debian and Ubuntu. More technical details can be found at https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt (or https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash for a simpler explanation).
Fixes are already available for all currently supported releases of Ubuntu, Debian, and CentOS. For our managed customers using Ubuntu, Debian and CentOS, we have installed the update for you and you have been sent a reboot request (as this is a kernel update, you are still vulnerable until you have rebooted). For our customers on shared platforms using Ubuntu, Debian, and CentOS, we have completed the updates and will perform the server reboots within the 1am – 4am maintenance window.
Please note that users of distributions that have reached the end of their support life (any Ubuntu releases other than 14.04, 16.04, 16.10 and 17.04) are highly likely to be affected, but will not receive any security updates. We strongly recommend that users of such distributions upgrade as a matter of urgency.
To minimise disruption during the restart of our firewalls, we will isolate them from the network. This bypass allows services to remain online with only a minor period of downtime of around 10-20 seconds. Once the firewall has restarted and we have checked to confirm the work has been carried out successfully, we will re-introduce the firewall into the network. This will again result in a minor period of downtime of around 10-20 seconds. During the time the firewall is isolated, your servers will continue to operate as normal. Our firewalls are passive in nature, and only provide filtering for defined customers.
If you are a self-managed or standard support customer and are unsure whether this vulnerability affects you, please raise a support ticket or call the team and a member of the support team will advise immediately. If a patch is required and you are not comfortable patching the server yourself, we can do this for you as a chargeable one-off special request.
Thank you for your cooperation.
CWCS Technical Support