Joyent Support

Sean G. Mar 30 Announcements / Current System Status

As part of our ongoing routine maintenance activities for the Joyent Public Cloud, we have scheduled Manta updates in our US-EAST-1, US-EAST-2 and US-EAST-3 data centers for this Thursday, 2-April-2015, starting at 13:00 PDT (20:00 UTC). The expected duration of impact is approximately 3 hours.

Your applications may experience short bursts (up to 30 seconds each) of Manta being unavailable as the underlying systems recover from updates. Some Manta jobs may experience increased latency, and some jobs may fail with internal errors as they are putting job results back into Manta.

We appreciate your patience and understanding, and will update this notice as soon as the maintenance is completed. If you have any questions or concerns, please contact our Support team by raising a ticket at https://help.joyent.com or emailing support@joyent.com.

Sean G. Mar 20 Announcements / Announcements

The following sections describe the scope of recently announced OpenSSL vulnerabilities (source: https://www.openssl.org/news/vulnerabilities.html). We have included actions being taken by Joyent, and actions recommended for customers to take.

1) CVEs specific to OpenSSL version 1.0.2

Joyent has never shipped any version of OpenSSL 1.0.2 to customers, either in pkgsrc or as part of SmartDataCenter (SDC). If we do ship 1.0.2 versions in the future, they will be versions known to contain the recent security fixes.

Should customers choose to upgrade OpenSSL on their own, they are advised to use version 1.0.2a or later to address the following vulnerabilities:

  • OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)
  • Multiblock corrupted pointer (CVE-2015-0290)
  • Segmentation fault in DTLSv1_listen (CVE-2015-0207)
  • Segmentation fault for invalid PSS parameters (CVE-2015-0208)
  • Empty CKE with client auth and DHE (CVE-2015-1787)
  • Handshake with unseeded PRNG (CVE-2015-0285)

2) Previously-addressed CVE

The following vulnerability has already been patched, in response to previous announcements from the OpenSSL project:

  • Base64 decode (CVE-2015-0292)

3) CVEs addressed in current Joyent-delivered software

The CVEs listed in this section have been addressed in the current releases of Joyent's software and package repositories:

  • pkgin repository 2014Q4 (delivered in base images 14.4.x LTS)
  • SDC platform images released after 25-March-2015
  • Software in pkgin repository 2014Q2 will be patched and packages are being rebuilt, delivery expected 31-March-2015 or sooner

The applicable CVEs are:

  • Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
  • ASN.1 structure reuse memory corruption (CVE-2015-0287)
  • PKCS7 NULL pointer dereferences (CVE-2015-0289)
  • DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
  • Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
  • X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)

4) Further questions

Joyent customers who are using third-party operating systems are advised to contact their respective service providers for further information and instructions.

If (after following the instructions above) further questions arise regarding mitigation of these OpenSSL vulnerabilities in relation to Joyent products and services, please contact Joyent Support by emailing support@joyent.com or submitting a request at https://help.joyent.com/home.

Sean G. Mar 19 Announcements / Current System Status

Update (as of 22:00 UTC / 15:00 PT on 25-March-2015):

Further information and instructions for addressing these SSL vulnerabilities can be found in the announcement linked below:

https://help.joyent.com/entries/64734290-Security-Advisory-Addressi...

Initial announcement (as of 19-March-2015):

This notice is to advise Joyent Public Cloud, SmartDataCenter and Manta customers of the following recently identified security issues reported by the OpenSSL Project:

  • OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)
  • Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
  • Multiblock corrupted pointer (CVE-2015-0290)
  • Segmentation fault in DTLSv1_listen (CVE-2015-0207)
  • Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
  • Segmentation fault for invalid PSS parameters (CVE-2015-0208)
  • ASN.1 structure reuse memory corruption (CVE-2015-0287)
  • PKCS7 NULL pointer dereferences (CVE-2015-0289)
  • Base64 decode (CVE-2015-0292)
  • DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
  • Empty CKE with client auth and DHE (CVE-2015-1787)
  • Handshake with unseeded PRNG (CVE-2015-0285)
  • Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
  • X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)

Joyent engineers are currently assessing whether these vulnerabilities will impact customers using Manta, SmartDataCenter or any products running on Joyent's infrastructure. Joyent Support will update this announcement with a link to detailed information and advice as soon as we have it.

Joyent customers utilizing third-party operating systems are advised to contact their respective service providers for further information and instructions.
Elizabeth Jan 28 Announcements / Announcements

This notice is to advise Joyent Public Cloud and SmartDataCenter customers of the recently identified glibc Linux security issue CVE-2015-0235 (GHOST).

This vulnerability can be triggered by the gethostbyname functions, impacting many systems built on Linux.

How can you check if you are vulnerable?

You can scan for this vulnerability using the Qualys Vulnerability Management Cloud Solution as QID 123191. If you think you may be affected, patches are available from all of the Linux vendors starting today.

Please note that this vulnerability does *not* impact SmartOS.

For more information on GHOST, including a podcast, please visit the Laws of Vulnerabilities blog.

Jason S. Jan 9 Announcements / Announcements

Joyent engineers have recently identified a bug that may have impacted you. Based on the information provided below, you may need to conduct a review of your SDC 7 network settings, and to make adjustments if you encounter this issue.

The bug, named NAPI-203, allows SDC operators to inadvertently define Logical Networks with overlapping ranges of IP addresses, using either the Network API (NAPI) or the Operations Portal (AdminUI). The net result is that SDC 7 could allocate the same IP address to multiple Virtual Machines (VMs), potentially causing problems with packet routing and interface stability.

This vulnerability is of particular concern for Layer 3 VLANs with public (internet-facing) IP addresses, but it applies to any Logical Network. For Layer 2 (internal) VLANs, this problem could be safely ignored, unless you intend to use overlapping VLANs on the same VM.

Following is an example scenario:

Network 1

  • UUID d7c27155-db87-4382-bcd6-8553a53b6237
  • VLAN ID 102
  • Network 151.1.224.128/26
  • Gateway 151.1.224.129
  • Netmask 255.255.255.192
  • IP Range 151.1.224.131 - 151.1.224.190
  • NIC Tag external
  • Resolvers 8.8.8.8,8.8.4.4

Network 2

  • UUID 69cdf230-3e84-4398-bea4-53aee17af5d4
  • VLAN ID 999
  • Network 151.1.224.128/26
  • Gateway 151.1.224.129
  • Netmask 255.255.255.192
  • IP Range 151.1.224.131 - 151.1.224.140
  • NIC Tag external
  • Resolvers 8.8.8.8

In the example scenario above, note that both Networks could allocate IPs in the range 151.1.224.131 - 151.1.224.140.

We recommend that you conduct a review of your network definitions to see if you have inadvertently created any overlapping definitions. If you do find any -- and you need to correct the situation -- we recommend the following steps:

  1. Determine which Network is incorrectly defined.
  2. If required, create a new, correctly defined Logical Network.
  3. For all VMs on the incorrectly defined Network referenced in Step 1, remove the NIC and allocate them a new NIC on a correctly defined Network.
  4. Once all VMs have been removed from the incorrectly defined Network, delete that Network’s definition.
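
One way to carry out the review recommended above, shown as an added example (not Joyent's code): it compares the provisionable IP ranges of every pair of Logical Networks and reports the addresses that more than one network could hand out. The field names (`subnet`, `provision_start_ip`, `provision_end_ip`, `vlan_id`, `nic_tag`) are assumed to match the network objects you export from NAPI, and the input is constructed from the example scenario plus one made-up non-overlapping network.

```python
import ipaddress
from itertools import combinations

# Constructed sample input: the first two entries are Network 1 and Network 2
# from the example scenario; the third is a made-up, non-overlapping network.
# Field names are an assumption about the exported network objects. IPv4 only.
NETWORKS = [
    {"uuid": "d7c27155-db87-4382-bcd6-8553a53b6237", "vlan_id": 102,
     "nic_tag": "external", "subnet": "151.1.224.128/26",
     "provision_start_ip": "151.1.224.131", "provision_end_ip": "151.1.224.190"},
    {"uuid": "69cdf230-3e84-4398-bea4-53aee17af5d4", "vlan_id": 999,
     "nic_tag": "external", "subnet": "151.1.224.128/26",
     "provision_start_ip": "151.1.224.131", "provision_end_ip": "151.1.224.140"},
    {"uuid": "00000000-0000-0000-0000-000000000003", "vlan_id": 0,
     "nic_tag": "admin", "subnet": "10.0.0.0/24",
     "provision_start_ip": "10.0.0.10", "provision_end_ip": "10.0.0.200"},
]

def provision_range(net):
    """Return the provisionable range as (start, end) integers, validated."""
    subnet = ipaddress.IPv4Network(net["subnet"], strict=True)
    start = ipaddress.IPv4Address(net["provision_start_ip"])
    end = ipaddress.IPv4Address(net["provision_end_ip"])
    if start > end or start not in subnet or end not in subnet:
        raise ValueError(f"network {net['uuid']}: bad provision range")
    return int(start), int(end)

def find_overlaps(networks):
    """Return one finding per pair of networks whose ranges share addresses."""
    findings = []
    for a, b in combinations(networks, 2):
        (a_lo, a_hi), (b_lo, b_hi) = provision_range(a), provision_range(b)
        lo, hi = max(a_lo, b_lo), min(a_hi, b_hi)
        if lo <= hi:  # the two closed intervals intersect
            findings.append({
                "networks": (a["uuid"], b["uuid"]),
                "first": str(ipaddress.IPv4Address(lo)),
                "last": str(ipaddress.IPv4Address(hi)),
                "count": hi - lo + 1,
                "same_vlan": a["vlan_id"] == b["vlan_id"],
            })
    return findings

if __name__ == "__main__":
    for f in find_overlaps(NETWORKS):
        print("{} and {} share {} addresses: {} - {}".format(
            *f["networks"], f["count"], f["first"], f["last"]))
```

Each finding names the two networks involved, which is the input needed for Step 1 of the procedure above.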

Please contact Joyent Support via your normal support channels if you have any questions, comments, or concerns regarding this. Thank you.

Joyent