We have scheduled an upgrade of our internal email system.

Date: Sunday, June 4th, 2017
Start Time: 12:00 AM CDT (GMT -5)
End Time: 1:00 AM CDT (GMT -5)
Maintenance Scope: Steadfast Email System (all steadfast.net email addresses)

Customer Impact:

During the maintenance, steadfast.net email addresses may be unavailable for up to 1 hour.  Email support requests will not be received promptly, but they will be processed when they are received after the maintenance completes.  This may cause temporary error messages and delayed responses to emailed tickets and ticket replies.

This maintenance will not impact any customer services or customer email systems.

If you need assistance during the maintenance, or if you have any questions about this planned work, please contact us via our helpdesk or by calling (312) 602-2689 or (888) 281-9449.

We have scheduled an upgrade of our cloud hosting control panel server (https://vm.steadfast.net).  This maintenance will upgrade the software to a new major version which fixes many bugs, adds new features and improves performance.

Date: Sunday, March 19th, 2017
Start Time: 12:00 AM CDT (GMT -6)
End Time: 4:00 AM CDT (GMT -6)
Maintenance Scope: Cloud Hosting Control Panel at https://vm.steadfast.net

Customer Impact:

Access to information about and control of VMs will be unavailable for part of this maintenance.  Both customers and staff will be unable to provision, control, or view system details of VMs and related resources.  No impact is expected to running VMs and support and billing systems will remain available for the entire window.

There are no significant user-visible changes in this release.

There are some new features added in this release which will not be enabled immediately upon upgrade.  We will provide additional information to customers if and when we decide to enable any of these in the future.

If you have any questions or need assistance during the upgrade, please visit our help desk or email us.

We have scheduled an upgrade of our internal email system.

Date: Sunday, February 12th, 2017
Start Time: 1:00 AM CST (GMT -6)
End Time: 2:00 AM CST (GMT -6)
Maintenance Scope: Steadfast Email System (all steadfast.net email addresses)

Customer Impact:

During the maintenance, steadfast.net email addresses may be unavailable for up to 1 hour.  Email support requests will not be received promptly, but they will be processed when they are received after the maintenance completes.  This may cause temporary error messages and delayed responses to emailed tickets and ticket replies.

This maintenance will not impact any customer services or customer email systems.

If you need assistance during the maintenance, or if you have any questions about this planned work, please contact us via our helpdesk or by calling (312) 602-2689 or (888) 281-9449.

We have scheduled an upgrade of our help desk software (https://support.steadfast.net).  This update addresses minor bugs.

Date: Sunday, February 12th, 2017
Start Time: 12:00 AM CST (GMT -6)
End Time: 1:00 AM CST (GMT -6)
Maintenance Scope: Help Desk at https://support.steadfast.net

Customer Impact:

The ability to submit tickets via email and the help desk, as well as the ability to view existing tickets and knowledgebase articles will be unavailable during parts of the maintenance.  Any requests submitted via email will be processed immediately after the maintenance is complete.

While the maintenance window has been set for 1 hour, we expect the upgrade process will take less than 15 minutes to complete.  We are allowing extra time for testing and to tend to any unexpected issues that may occur.

If you need urgent assistance during the upgrade, please call us at (312) 602-2689.

Note: This is rescheduled from an earlier maintenance attempt that could not be completed due to a hardware issue.  The planned changes have been adjusted to eliminate the hardware problem during the maintenance.

We are performing maintenance on our Linux shell-based backup server shell01.backup.steadfast.net to upgrade the operating system from CentOS 5 to CentOS 7.  This maintenance has been scheduled during the afternoon in order to reduce impact on regular backup traffic.

Date: Thursday, January 5th, 2016
Start Time: 2:00 PM CST
End Time: 5:00 PM CST
Maintenance Scope: Shell-based backup server "shell01.backup.steadfast.net"

Customer Impact:

The server and related data will be inaccessible during maintenance.  No other services will be impacted, including any other type of backup services.

During the maintenance, the server will be shut down, upgraded according to an existing tested plan, then restored to normal operation.  All existing user accounts and data will be preserved and procedures for use of the system should remain unchanged.

If you have any questions regarding this maintenance, or for assistance in upgrading the agent on your server(s), please feel free to contact us via our helpdesk or by email.

Update: This advisory has been updated with information for users running CentOS 5.  No other information has been changed, however if you have not yet taken action, we encourage you to do so as soon as possible.

Important Note: CentOS 5 will reach its end of life on March 31, 2017, at which point security updates will no longer be produced.  We strongly recommend upgrading to a newer version of CentOS before this date.  Upgrading to CentOS 7 will provide support through June 30, 2024.  Please contact support if you'd like to plan an upgrade.

A vulnerability has recently been disclosed in the Linux kernel which affects all supported Linux systems running any distribution.  This vulnerability is serious and may allow a remote exploit or local user to cause privilege escalation, resulting in root access to your server. A working example of the exploit has already been publicly disclosed, thus no advanced knowledge of the Linux kernel is required to gain root access once shell access has been obtained on the target system.

The CVE entry for this vulnerability may be found here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195

Windows users are unaffected by this vulnerability.  We have not evaluated the status of Linux distributions or versions not mentioned here.  You should consult your distribution's security documentation to determine if your distribution is vulnerable and how to apply the update.

It is especially important to upgrade your kernel if your system provides multi-user services via shell accounts, jail or container-based virtualization, or dynamic web sites. Updates which fix this vulnerability and other security issues and bugs are available immediately for most systems.

CentOS

CentOS has patched this vulnerability as of:

• CentOS 7: October 24th, 2016
• CentOS 6: October 26th, 2016
• CentOS 5: October 28th, 2016

To verify your system is running the correct kernel, run the following command:

uname -r

The version should be greater than or equal to the following, depending on your distribution:

• CentOS 7: 3.10.0-327.36.3
• CentOS 6: 2.6.32-642.6.2
• CentOS 5: 2.6.18-416

If your version does not match, please run the following command and ensure an update to the kernel package is included:

yum -y update kernel

If no update is available, please try the following commands, then repeat the command above:

yum clean metadata
curl -s mirror.steadfast.net/mirrorize | bash

These commands will remove cached update information and force your server to use our mirror server, which is known to already contain the updated kernel version.

After the upgrade processes, you should reboot your system as soon as possible.

Red Hat published the following advisories regarding this vulnerability:

• https://access.redhat.com/security/cve/CVE-2016-5195
• https://access.redhat.com/security/vulnerabilities/2706661

Debian

Debian has patched this vulnerability as of October 20th, 2016.

To verify your system is running the correct kernel, run the following command:

uname -v

The version (appearing after "#1 SMP Debian") should be greater than or equal to the following, depending on your distribution:

• Debian 8 (Jessie): 3.16.36-1+deb8u2
• Debian 7 (Wheezy): 3.2.84-1
• Debian 6 (Squeeze): You must upgrade to Debian 7 or later.  This version is no longer supported.

If your version does not match, please run the following command and ensure an update to the kernel package is included:

apt-get update
apt-get install linux-image-`uname -r`

If no update is available, please try the following commands, then repeat the commands above:

curl -s mirror.steadfast.net/mirrorize | bash

This command will force your server to use our mirror server, which is known to already contain the updated kernel version.

After the upgrade processes, you should reboot your system as soon as possible.

Debian published the following advisories regarding this vulnerability:

• https://security-tracker.debian.org/tracker/CVE-2016-5195 
• Jessie: https://www.debian.org/security/2016/dsa-3696
• Wheezy: https://lists.debian.org/debian-lts-announce/2016/10/msg00026.html  

Public Cloud

Templates with the updated kernels for the Steadfast Public Cloud were made available on Monday, October 24th - 26th for new VMs.  Be sure to update any VMs provisioned before that date as soon as possible using the directions above.

If you have any questions or need assistance performing these upgrades, please contact us and we'll be happy to help.