Welcome to Joyent Cloud Customer Support

Stay updated with announcements, get answers from the community and share your feature suggestions with us.
You can also submit a request or send us an email at support@joyent.com.

 

Joyent Support

Elizabeth Apr 18 Announcements / Current System Status

Update as of 16:18 PDT: This issue has been corrected and should resolve/sync fully in a short time. Thank you for your patience.

We are currently experiencing issues with NTP in our West-1 data center. Our Ops and Engineering teams are actively investigating. We'll provide an update as soon as we have more information and an update. 

Your patience is much appreciated.

Elizabeth Apr 13 Announcements / Current System Status

UPDATE as of 16:20 PDT: The issue encountered in West-1 is now resolved and the maintenance completed in West-1. Our apologies for the unexpected extended outage. This maintenance has been completed in East-1, but we have canceled this upgrade for SW-1 at this time. We will provide an update as to when SW-1 has been been rescheduled.

UPDATE as of 16:07 PDT: NetApp and our Ops team are still investigating this issue. We will provide an update as soon as NFS is back online. 

UPDATE as of 15:26 PDT: NetApp engineers are still actively investigating. Apologies for this inconvenience. We will continue to keep you updated.

UPDATE as of 14:51 PDT: We are currently experiencing extended issues with NetApp. We will continue to keep you updated on our progress.

As part of our ongoing maintenance activities for the Joyent Public Cloud, we will be conducting emergency upgrades to our NetApp Appliances (servicing NFS mounts) in US-WEST-1, US-SW-1, and US-EAST-1, on Tuesday, 14-April-2015, from 13:00 - 17:00 PDT (20:00 - 00:00 / 15-April-2015 UTC). Only those with active NFS mounts will be impacted.

During this time, you may experience up to 5 seconds of intermittent hangs to your NFS mount, but no other impact is expected. 

We apologize for the short notice and inconvenience, and we appreciate your patience and understanding. We will update this notice as soon as the maintenance is completed. If you have any questions or concerns, please contact our Support team by raising a ticket at https://help.joyent.com or emailing support@joyent.com.

 

Sean G. Mar 20 Announcements / Announcements

The following sections describe the scope of recently-announced Open SSL vulnerabilities (source: https://www.openssl.org/news/vulnerabilities.html). We have included actions being taken by Joyent, and actions recommended for customers to take.

1) CVEs specific to OpenSSL version 1.0.2

Joyent has never shipped any versions of OpenSSL version 1.0.2 to customers, either in pkgsrc or as part of SmartDataCenter (SDC). If we do ship 1.0.2 versions in the future, they will be those versions known to contain the recent security fixes.

Should customers choose to upgrade OpenSSL on their own, they are advised to use version 1.0.2a or later to address the following vulnerabilities:

  • OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)
    Multiblock corrupted pointer (CVE-2015-0290)
    Segmentation fault in DTLSv1_listen (CVE-2015-0207)
    Segmentation fault for invalid PSS parameters (CVE-2015-0208)
    Empty CKE with client auth and DHE (CVE-2015-1787)
    Handshake with unseeded PRNG (CVE-2015-0285)

2) Previously-addressed CVE

The following vulnerability has already been patched, in response to previous announcements from the OpenSSL project:

  • Base64 decode (CVE-2015-0292)

3) CVEs addressed in current Joyent-delivered software

The CVEs listed in this section have been addressed in the most-currently-released versions of Joyent's software and package repositories:

  • pkgin repository 2014Q4 (delivered in base images 14.4.x LTS)
  • SDC platform images released after 25-March-2015
  • Software in pkgin repository 2014Q2 will be patched and packages are being rebuilt, delivery expected 31-March-2015 or sooner

The applicable CVEs are:

  • Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
    ASN.1 structure reuse memory corruption (CVE-2015-0287)
    PKCS7 NULL pointer dereferences (CVE-2015-0289)
  • DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
  • Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
  • X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)

4) Further questions

Joyent customers who are using third-party operating systems are advised to contact their respective service providers for further information and instructions.

If (after following the instructions above) further questions arise regarding mitigation of these OpenSSL vulnerabilities in relation to Joyent products and services, please contact Joyent Support by emailing support@joyent.com or submitting a request at https://help.joyent.com/home.

Elizabeth Jan 28 Announcements / Announcements

This notice is to advise Joyent Public Cloud and Smart Data Center customers of the recently identified glibc Linux security issue CVE-2015-0235 (GHOST).

This vulnerability can be triggered by the gethostbyname functions, impacting many systems built on Linux.

How can you check if you are vulnerable?

You can scan for this vulnerability using the Qualys Vulnerability Management Cloud Solution as QID 123191. If you think you may be affected, patches are available from all of the Linux vendors starting today.

Please note that this vulnerability does *not* impact SmartOS.

For more information on GHOST, including a podcast, please visit the Laws of Vulnerabilities blog.

Jason S. Jan 9 Announcements / Announcements

Joyent engineers have recently identified a bug that may have impacted you. Based on the information provided below, you may need to conduct a review of your SDC 7 network settings, and to make adjustments if you encounter this issue.

The bug, named NAPI-203, allows SDC operators to inadvertently define Logical Networks with overlapping ranges of IP addresses, using either the Network API (NAPI) or the Operations Portal (AdminUI). The net result is that SDC 7 could allocate the same IP address to multiple Virtual Machines (VMs), potentially causing problems with packet routing and interface stability.

This vulnerability is of particular concern for Layer 3 VLANs with public (internet-facing) IP addresses, but it applies to any Logical Network. For Layer 2 (internal) VLANs, this problem could be safely ignored, unless you intend to use overlapping VLANs on the same VM.

Following is an example scenario:

Network 1

  • UUID d7c27155-db87-4382-bcd6-8553a53b6237
  • VLAN ID 102
  • Network 151.1.224.128/26
  • Gateway 151.1.224.129
  • Netmask 255.255.255.192
  • IP Range 151.1.224.131 - 151.1.224.190
  • NIC Tag external
  • Resolvers 8.8.8.8,8.8.4.4

Network 2

  • UUID 69cdf230-3e84-4398-bea4-53aee17af5d4
  • VLAN ID 999
  • Network 151.1.224.128/26
  • Gateway 151.1.224.129
  • Netmask 255.255.255.192
  • IP Range 151.1.224.131 - 151.1.224.140
  • NIC Tag external
  • Resolvers 8.8.8.8

In the example scenario above, note that both Networks could allocate IPs in the range 151.1.24.131 - 140.

We recommend that you conduct a review of your network definitions to see if you have inadvertently created any overlapping definitions. If you do find any -- and you need to correct the situation -- we recommend the following steps:

  1. Determine which Network is incorrectly defined.
  2. If required, create a new, correctly defined Logical Network.
  3. For all VMs on the incorrectly defined Network referenced in Step 1, remove the NIC and allocate them a new NIC on a correctly defined Network.
  4. Once all VMs have been removed from the incorrectly defined Network, delete that Network’s definition.

Please contact Joyent Support via your normal support channels if you have any questions, comments, or concerns regarding this. Thank you.

Joyent

 

Overview | Recent