News

We have scheduled a hardware replacement in one of our core routers in Chicago, IL to address a known issue.

Date: Sunday, February 8th, 2015
Start Time: 12:00 AM CST (GMT -6)
End Time: 3:00 AM CST (GMT -6)
Maintenance Scope: Line card replacement in core router in Chicago, IL

Customer Impact:

We expect the customer impact of this maintenance to be minimal, though some brief periods of localized inaccessibility and sub-optimal routing may occur.  If you are a BGP customer, please verify that you have dual sessions established to avoid an extended interruption in service during the work.

During the maintenance, we will replace a line card in one of our core routers due to recommendations from our hardware vendor. This router will be removed from production gracefully, have its hardware replaced, then be brought back into production.

While the work itself is expected to be completed quickly, we are reserving extra time to allow for extensive testing. This will give us the ability to ensure that all carriers are back online and traffic is flowing as expected within the maintenance window.

If you need assistance during the maintenance, or if you have any questions about this planned work, please contact us via our helpdesk or by calling (312) 602-2689 or (888) 281-9449.

A vulnerability has recently been disclosed in the GNU C Library (glibc) which affects all systems running CentOS 5 - 7, and Debian 7 "Wheezy."  This vulnerability is serious and may allow a remote user to trick your server into running code with the privilege level of a service like web or mail.

This vulnerability exists in all common versions of glibc through 2.17.  It was fixed in version 2.18 in mid-2013 but was not regarded as a security issue and so no security release was made for previous versions at the time.

This issue is known as the "GHOST" vulnerability.  It has been assigned the ID CVE-2015-0235 in the Common Vulnerabilities and Exposures database.  Qualys, the company that discovered the vulnerability, has published a useful article explaining what GHOST is.

Windows servers do not use glibc.  You may wish to check any third-party software you have installed for bulletins and updates, if applicable.  Some third-party applications include a separate copy of glibc instead of using the operating system version.

CentOS and Debian have patched this vulnerability as of January 27th, 2015.  To completely patch this vulnerability, you must update your glibc package and then restart all services that use glibc.  Because of the fact that glibc is used by nearly every application in Linux, it is strongly recommended that you reboot your server after installing the update to ensure nothing is missed.

CentOS

To check which version of glibc is installed, run the following command:

rpm -q glibc

The version number should be greater than or equal to the following, based on the version of CentOS you are using:

• CentOS 5: 2.5-123.el5_11.1
• CentOS 6: 2.12-1.149.el6_6.5
• CentOS 7: 2.17-55.el7_0.5

When reading a version number from left to right, if you reach a number that is higher than the above version for your OS, you likely already have a patched version.  For example, 2.5-124 is newer than 2.5-123.el5_11.1. If you have any doubt, please contact support and we will be happy to review your system.  If your version number is lower, please run the following command and ensure an update to the openssl package is included:

yum -y update glibc

If no update is available, please try the following commands, then repeat the command above:

yum clean metadata

After the upgrade processes, you should restart your web server and all other services running on your system.  For example, to restart your web server, you can run the following command:

service httpd restart

If you have a control panel, you should step through each service listed in the "Services" area of the control panel and restart them one by one.  If you have any doubts about which services to restart, we recommend restarting your entire server.  You can do this by running the command:

reboot

Red Hat published the following advisories regarding this vulnerability:

• https://access.redhat.com/security/cve/CVE-2015-0235
• CentOS 5: https://rhn.redhat.com/errata/RHSA-2015-0090.html
• CentOS 6 & 7: https://rhn.redhat.com/errata/RHSA-2015-0092.html

Debian 7

To check which version of glibc is installed, run the following command:

dpkg -s libc6 | grep Version

The version number should be greater than or equal to 2.13-38+deb7u7.

The notable part to look for is the "+deb7u7" at the end.  If the last number is not 7 or higher, or the part after "+" is missing, you will need to upgrade.  If your version number is lower, please run the following command and ensure an update to the libc6 packages are included:

apt-get update
apt-get install -y libc6

For example, to restart your web server, you can run the following command:

service apache2 restart

If you have a control panel, you should step through each service listed in the "Services" area of the control panel and restart them one by one.  If you have any doubts about which services to restart, we recommend restarting your entire server.  You can do this by running the command:

reboot

Debian published the following advisories regarding this vulnerability:

• https://www.debian.org/security/2015/dsa-3142
• https://security-tracker.debian.org/tracker/CVE-2015-0235

If you have any questions or need assistance performing these upgrades, please contact us and we'll be happy to help.

We have scheduled an upgrade of our internal email system to improve performance and add new features.

Date: Sunday, January 4th, 2015
Start Time: 1:00 AM CST (GMT -6)
End Time: 3:00 AM CST (GMT -6)
Maintenance Scope: Steadfast Email System (all steadfast.net email accounts)

Customer Impact:

During the maintenance, steadfast.net email addresses may be unavailable for up to 2 hours.  Email support requests will not be received promptly, but they will be processed when they are received after the maintenance completes.  This may cause temporary error messages and delayed responses to emailed tickets and ticket replies.

This maintenance will not impact any customer services or customer email systems.

If you need assistance during the maintenance, or if you have any questions about this planned work, please contact us via our helpdesk or by calling (312) 602-2689 or (888) 281-9449.

We have scheduled an upgrade of our cloud hosting control panel server (https://vm.steadfast.net).  This maintenance will upgrade the software to a new major version which fixes many bugs, adds new features, and improves performance.

Date: Saturday, December 13th, 2014
Start Time: 12:00 AM CST (GMT -6)
End Time: 8:00 AM CST (GMT -6)
Maintenance Scope: Cloud Hosting Control Panel at https://vm.steadfast.net
Customer Impact: Access to information about and control of VMs will be unavailable for part of this maintenance.

There are two phases to this maintenance work.  The first phase will involve applying updates to the control panel server and the second phase will upgrade the management components on the hypervisors.  We expect the first phase to be completed within 5 hours, after which we will immediately begin the second phase and complete it as soon as possible.

During the maintenance period, both customers and staff will be unable to provision, control, or view system details of VMs and related resources.  Neither phase is expected to impact running VMs and support and billing systems will remain available.

Notable user-visible changes include the following:

• A new HTML5 VM console has replaced the Java console, improving browser compatibility
• Virtual Machines have been renamed "Virtual Servers"
• Performance improvements

If you have any questions or need assistance during the upgrade, please visit our help desk or email us.

We have scheduled an upgrade of our cloud hosting control panel server (https://vm.steadfast.net).  This upgrade will make system changes in preparation for a major control panel upgrade that is planned to occur next month.

Date: Saturday, November 15th, 2014
Start Time: 12:00 AM CST (GMT -6)
End Time: 2:00 AM CST (GMT -6)
Maintenance Scope: Cloud Hosting Control Panel at https://vm.steadfast.net
Customer Impact: Access to information about and control of VMs will be unavailable.

During the maintenance period, both customers and staff will be unable to provision, control, or view system details of VMs and related resources. Running VMs will not be impacted by this maintenance and support and billing systems will remain online.  We expect the entire upgrade process will take 1 to 2 hours to complete.

There will be no user-visible changes to the system as part of this upgrade.

If you have any questions or need assistance during the upgrade, please visit our help desk or email us.

We have scheduled an upgrade of our R1Soft Server Backup (formerly Idera Server Backup or R1Soft CDP) platform software on cdp01.steadfast.net to version 5.8.1.  This update will fix minor bugs and disable SSLv3 support as a means to mitigate the POODLE vulnerability.  Please note that POODLE attacks require use of the web-based backup manager.  SSLv3 is not used for taking backups.

This upgrade is being performed during the daytime, mid-week, because it is the lowest utilization period.

Date: Wednesday, November 5th, 2014
Start Time: 2:00 PM CST (GMT -6)
End Time: 3:00 PM CST (GMT -6)
Maintenance Scope: cdp01.steadfast.net Backup Server

Customer Impact:

Backups will not be performed and restoration services will be unavailable during the maintenance period. This maintenance will not impact customer equipment or services other than backup tasks.

If you are not already running agent version 5.8 or newer, it is strongly recommended.  It is safe to upgrade the agent to version 5.8.1 before the manager has been upgraded.

The full release notes may be viewed here.

If you have any questions regarding this maintenance, or for assistance in upgrading the agent on your server(s), please feel free to contact us via our helpdesk or by email.