OVHcloud Bare Metal Cloud Status

Current status
Legend
  • Operational
  • Degraded performance
  • Partial Outage
  • Major Outage
  • Under maintenance
bash security updates
Scheduled Maintenance Report for Bare Metal Cloud
Completed
A severe security issue has been discovered in the 'bash' Shell: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
Almost all distributors have provided updates, which however might not fix the problem completely. More patches might follow in the next hours and days.

Regarding installations on dedicated servers and VPS:
- please update your existing installations now
- monitor your systems for unnormal behaviour, especially if you run CGI-scripts using sh/bash
- The majority of fresh installations use the latest packages available at the time of setup, and should of course be kept-up to date by the system's administrators after delivery
- a small minority of distributions is not automatically updated, the according images are being updated manually.

Update(s):

Date: 2014-10-08 14:15:59 UTC
Regarding cPanel installations:
cPanel in its default installation is vulnerable to remote exploitation of the Shell bug (dubbed \"Shellshock\") if you have not updated your system after disclosure (calendar week 40).

Please make sure to have an up-to-date system as soon as possible, as we are currently seeing increasing amounts of probes and possible infections/abuses of cPanel servers.

You can update your system either through the web interface, or via ssh by issuing \"yum update\" when logged in as root.

Date: 2014-09-26 19:12:21 UTC
It has been confirmed that the first patch which was generally available didn't fix the security problem completely.
Most distributors have reacted with a second update to bash by now, which everybody is encouraged to install as soon as possible. Please check your distribution's security page and update mechanism.

Concerning the OVH Releases:
- An update for Release 2 up to version 2.34 hast been published, you can install it using the \"patch-all\" script: ftp://ftp.ovh.net/made-in-ovh/release/patch-all-release-2.sh
- Release 3: can be updated using \"yum update\" or the update function available in the web interface.
Posted Sep 25, 2014 - 15:20 UTC