Stay updated with announcements, get answers from the community and share your feature suggestions with us.
You can also submit a request or send us an email at email@example.com.
Sean G. Jun 28 • Announcements / Security Advisories
New releases of the Node.js packages have been added to the 2016Q1 pkgsrc repository. The following latest package releases address the vulnerabilities outlined in this notice:
If you are running on a SmartOS image that is using a different pkgsrc repository, you can still install the above by using the following command (you may want to first test for any potential incompatibilities on a non-production machine):
$ pkg_add http://pkgsrc.joyent.com/packages/SmartOS/2014Q4/x86_64/All/<nodejs_package>
You can visit this Node.js page for more information about these vulnerabilities.
Triton Cloud Users
The public cloud has been fixed; customers are advised to update their individual instances with the relevant Node.js packages.
Triton Enterprise Users
We will update this notice as soon as the 20160625 and 20160707 releases become available via the support channel, so that software customers can update their installations.
Please check the notices applicable to the Linux Distro you are using for the necessary remedial actions:
This notice is to advise all Triton Cloud (public cloud) and Triton Enterprise software (formerly SDC) customers of the following recently-identified Node.js security vulnerabilities:
Zone::Newfunction. This could potentially be used to cause a Denial of Service via buffer overflow or as a trigger for a remote code execution; mitigation will be required.
For now, you can visit this Node.js page to obtain additional details. Within the next several days, Joyent will proactively update this notice to confirm actions that we have taken, as well as provide specific details on any required actions to be taken by both Triton Cloud and Triton Enterprise customers to mitigate CVE-2016-1669. Your attention is appreciated.
Sean G. May 27 • Announcements / Current System Status
This notice is to alert our Joyent Public Cloud and Manta Storage Service customers to our newly enhanced maintenance/incidents notification system:
In making this change, our goal is to provide you (and all of our customers) with even faster, more user-tailored and efficient cloud-wide notifications about planned maintenance and unplanned incidents. This new notification system will allow us to reach that commitment.
An important feature of our new notification system is that customers can subscribe to receive email notices of incidents and maintenance activities. In order to subscribe to these timely email alerts, follow these simple steps:
That’s all you need to do! Of course, you will also be able to view maintenance and incident notifications directly at https://status.joyent.com.
Thank you for your time in attending to this notice. If you are a Joyent customer and have any further questions regarding this change, please do not hesitate to submit a request via http://help.joyent.com or by email to firstname.lastname@example.org.
Ryan May 26 • JoyentCloud Knowledge Articles / Virtual Machines
If you run into the following errors attempting to start services via systemctl in centos-7 or other systemd based infrastructure containers:
# systemctl start httpd
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
Create a directory
in this case, for httpd, that would be
Create a file named override.conf in that directory, i.e.:
Edit that file to contain
The service should now start properly.
Sean G. May 3 • Announcements / Security Advisories
(Updates as of 24-May-2016 UTC appear with asterisk*)
(First update appeared 9-May-2016 UTC; Original Notice appears at the bottom of this post)
Update to the fixed release of the affected versions, as shown in the table below:
|CVE||Version(s) Affected||Fixed Release(s)||Where Available|
You can determine whether OpenSSL is installed (as well as the version you have installed) by running:
$ pkgin ls | grep -i openssl
$ pkgin -y up && pkgin -y in openssl
Or, install the version needed (if only available in a different repository), by running:
$ pkg_add pkgsrc_path_to_package
For example, if you need to install OpenSSL version 1.0.2h from the 2016Q1 repository, but you are running on an image that is using a different repository, you can install the 1.0.2h version by running the following (with the caveat that we strongly suggest you first try this on a non-production machine, to ensure you do not run into any dependency issues):
$ pkg_add https://pkgsrc.joyent.com/packages/SmartOS/2016Q1/x86_64/All/openssl-1.0.2h.tgz
The following Triton components have been fixed and are now available from the support channel:
For further details on applying updates, you can reference the Triton maintenance and upgrades web page. Should you require any further assistance with your updates to the components above, please contact our Support team by raising a request at the Customer Support portal or emailing email@example.com.
Please be assured that any Joyent components identified as being affected will be updated.
Please check the notices applicable to the Linux distro that you are using:
As described in the 6-May-2016 Node.js update found here, the following releases have been made available to include the OpenSSL security updates:
Please upgrade your Node.js installation as soon as possible.
Update boot platform image to: release-20160428-20160504T174400Z
Update adminui, docker, and imgapi to the 20150512* releases.*
Direct any further questions to: The SmartOS Community Mailing Lists and IRC
(Posted 3-May-2016 UTC)
This notice is to provide preliminary advice to all Joyent Public Cloud (JPC) customers and all Triton Elastic Infrastructure (formerly SDC 7) software customers of the recently-identified, high-severity OpenSSL security vulnerabilities CVE-2016-2108 and CVE-2016-2107, as well as four low-severity CVEs. Further information regarding these vulnerabilities is available here.
As soon as we can, we will update this notice to confirm the actions taken by Joyent, and to provide specific details of any required actions -- such as pkgsrc and software updates -- that will need to be taken by both JPC and Triton/SDC customers.
Node users are advised to watch for updates here; any new Node.js releases impacting software will be included in the above-mentioned Joyent pkgsrc and software updates.