Stay updated with announcements, get answers from the community and share your feature suggestions with us.
You can also submit a request or send us an email at firstname.lastname@example.org.
Elizabeth Apr 18 • Announcements / Current System Status
Update as of 16:18 PDT: This issue has been corrected and should resolve/sync fully in a short time. Thank you for your patience.
We are currently experiencing issues with NTP in our West-1 data center. Our Ops and Engineering teams are actively investigating. We'll provide an update as soon as we have more information and an update.
Your patience is much appreciated.
Elizabeth Apr 13 • Announcements / Current System Status
UPDATE as of 16:20 PDT: The issue encountered in West-1 is now resolved and the maintenance completed in West-1. Our apologies for the unexpected extended outage. This maintenance has been completed in East-1, but we have canceled this upgrade for SW-1 at this time. We will provide an update as to when SW-1 has been been rescheduled.
UPDATE as of 16:07 PDT: NetApp and our Ops team are still investigating this issue. We will provide an update as soon as NFS is back online.
UPDATE as of 15:26 PDT: NetApp engineers are still actively investigating. Apologies for this inconvenience. We will continue to keep you updated.
UPDATE as of 14:51 PDT: We are currently experiencing extended issues with NetApp. We will continue to keep you updated on our progress.
As part of our ongoing maintenance activities for the Joyent Public Cloud, we will be conducting emergency upgrades to our NetApp Appliances (servicing NFS mounts) in US-WEST-1, US-SW-1, and US-EAST-1, on Tuesday, 14-April-2015, from 13:00 - 17:00 PDT (20:00 - 00:00 / 15-April-2015 UTC). Only those with active NFS mounts will be impacted.
During this time, you may experience up to 5 seconds of intermittent hangs to your NFS mount, but no other impact is expected.
We apologize for the short notice and inconvenience, and we appreciate your patience and understanding. We will update this notice as soon as the maintenance is completed. If you have any questions or concerns, please contact our Support team by raising a ticket at https://help.joyent.com or emailing email@example.com.
Sean G. Mar 20 • Announcements / Announcements
The following sections describe the scope of recently-announced Open SSL vulnerabilities (source: https://www.openssl.org/news/vulnerabilities.html). We have included actions being taken by Joyent, and actions recommended for customers to take.
Joyent has never shipped any versions of OpenSSL version 1.0.2 to customers, either in pkgsrc or as part of SmartDataCenter (SDC). If we do ship 1.0.2 versions in the future, they will be those versions known to contain the recent security fixes.
Should customers choose to upgrade OpenSSL on their own, they are advised to use version 1.0.2a or later to address the following vulnerabilities:
OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)
Multiblock corrupted pointer (CVE-2015-0290)
Segmentation fault in DTLSv1_listen (CVE-2015-0207)
Segmentation fault for invalid PSS parameters (CVE-2015-0208)
Empty CKE with client auth and DHE (CVE-2015-1787)
Handshake with unseeded PRNG (CVE-2015-0285)
The following vulnerability has already been patched, in response to previous announcements from the OpenSSL project:
Base64 decode (CVE-2015-0292)
The CVEs listed in this section have been addressed in the most-currently-released versions of Joyent's software and package repositories:
The applicable CVEs are:
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
ASN.1 structure reuse memory corruption (CVE-2015-0287)
PKCS7 NULL pointer dereferences (CVE-2015-0289)
DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)
Joyent customers who are using third-party operating systems are advised to contact their respective service providers for further information and instructions.
If (after following the instructions above) further questions arise regarding mitigation of these OpenSSL vulnerabilities in relation to Joyent products and services, please contact Joyent Support by emailing firstname.lastname@example.org or submitting a request at https://help.joyent.com/home.
Elizabeth Jan 28 • Announcements / Announcements
This notice is to advise Joyent Public Cloud and Smart Data Center customers of the recently identified glibc Linux security issue CVE-2015-0235 (GHOST).
This vulnerability can be triggered by the gethostbyname functions, impacting many systems built on Linux.
You can scan for this vulnerability using the Qualys Vulnerability Management Cloud Solution as QID 123191. If you think you may be affected, patches are available from all of the Linux vendors starting today.
Please note that this vulnerability does *not* impact SmartOS.
For more information on GHOST, including a podcast, please visit the Laws of Vulnerabilities blog.