# Secure Dragon emergency reboot?



## MannDude (May 15, 2013)

> Hello Curtis
> 
> 
> 
> ...


Anyone know whats up?


----------



## wdq (May 15, 2013)

There was a thread about this on LET. RamNode, and most likely all of the other OpenVZ hosts will be doing something similar. Here's an email I got from RamNode.



> Hello,
> 
> This message is to all clients.
> 
> ...


----------



## mnpeep (May 15, 2013)

MannDude said:


> Anyone know whats up?


LET had a thread about this. Someone found a 0day in kernel.


----------



## Nick (May 15, 2013)

Also received a similar one from RamNode as RedHat has recently published a critical security vulnerability and that is all I know.


----------



## Zach (May 15, 2013)

Yeah it was regarding the kernel 0-day


----------



## Orien (May 15, 2013)

http://www.webhostingtalk.com/showthread.php?t=1266042


----------



## Jack (May 15, 2013)

The fact it took them _*24 hours*_ to do this is poor.


----------



## HostUS-Alexander (May 15, 2013)

Yeah, got this from Iniz yesterday:



> Hello Alexander ,
> 
> As a security precaution we have updated all our nodes kernel version to the latest version releated by OpenVZ yesterday, this update fixes a high severity 0 day exploit and as a result we will be updating all our nodes with the latest kernel and reboot the nodes to make update into effect.
> 
> ...


----------



## D. Strout (May 15, 2013)

I've gotten at least half a dozen of these. I don't mind the downtime, everything I have is redundant.


----------



## Awmusic12635 (May 15, 2013)

This is why we use Ksplice


----------



## Magiobiwan (May 15, 2013)

It took I believe about 12 hours for a patched OpenVZ Kernel to be put together. And it's usually nice to have more than 15 minutes of advance notice before Emergency Maint.


----------



## Nick_A (May 15, 2013)

For the record - we waited to make be sure the problem could actually be used to cause reboots/kernal panics on our OpenVZ host nodes before having to do emergency maintenance. We were going to give everyone some more notice, but it turned out to be necessary to apply a permanent fix quickly.


----------



## Robert (May 16, 2013)

Nick_A said:


> For the record - we waited to make be sure the problem could actually be used to cause reboots/kernal panics on our OpenVZ host nodes before having to do emergency maintenance. We were going to give everyone some more notice, but it turned out to be necessary to apply a permanent fix quickly.


I thought about it, but most people I talked to suggested upgrading the kernels right away.


----------



## mikho (May 16, 2013)

The only bad thing I have to say about this is that I lost my uptime 


Which is not as bad as it sounds.


----------



## wlanboy (May 16, 2013)

If I look to my mailbox IPXcore was the first one writing an email. Followed by RamNode and SecureDragon.

Just wondering what my other providers are doing.


----------



## KuJoe (May 17, 2013)

To be honest, RamNode's e-mail is how I found out about the OpenVZ kernel update. Prior to that, I had been waiting for the kernel update which is why there was a delay in getting it patched.

As others have said, I would have preferred to schedule this in advance but with the severity of the exploit was to high to wait any longer. We had to test the new kernel on another node before we were going to apply it to the other nodes which is why it took so long.


----------

