All our services were under emergency maintenance on Sunday. In case anybody noticed some down time. VPSDime patched their kernels for these vulnerabilities.
#[SOLVED] Reboot for Meltdown / Spectre patching
Today, Saturday January 6th, 2018, we will be rebooting host nodes serving all VPSDime Linux VPS to execute a new kernel patched against the recently discovered Meltdown and Spectre exploits.
No doubt that in recent days you have noted news that two vulnerabilites have been discovered in all CPUs, ranging back to the development of speculative execution on modern processors over 20 years ago. Although both attacks are based on the same general principle, Meltdown allows malicious programs to gain access to higher-privileged parts of a computerâs memory, while Spectre steals data from the memory of other applications running on a machine. Nearly every modern computer in use is vulnerable at some level.
Our virtualization vendor for the Linux VPS product has recently produced a patch to mitigate these two issues, and this patch has been generally accepted by the computing community at large as being an effective method to ensure that the exploit is ineffective. At this time there is no evidence that the exploit has been applied to gain access to other systems, either on our host nodes or elsewhere.
Due to the grievous nature of these attacks, we are updating all host nodes and rebooting them immediately to execute the new kernel. Note that all vendors of kernel live patching are either taking a very long time to implement a live patch (CloudLinuxâs Kernelcare) or have directly stated that a live patch wonât be available (Canonicalâs Livepatch). Therefore, a reboot of the host node is mandatory in this situation.
We apologize for the inconveience that you will experience due to this, however, please note that we are committed to the utmost stability and security of your virtual machines.
There are some key points to note:
- Weâll use this page to make further announcements regarding this reboot action. So please follow up with this page for the updates.
- All VPS will be gracefully shut down, similar to how the âshutdown -h nowâ or âhaltâ command works inside your VPSâ operating system.
- This update and reboot action will make absolutely no changes to your VPS whatsoever. No changes will be made to your configuration, software, applications, data, or anything else regarding your VPS directly. All VPS will be checked that they are running after the reboot, however, if an application or software youâve installed is not responding, please log in to your VPS and troubleshoot your software and make sure your services are running before opening a ticket.
- Barring any unexpected issues, we expect no more than 30 minutes per host node to reboot. This is the time for VPS to shut down and host node to complete a reboot; your VPS may take a bit longer to boot after the host node comes back online. Your patience is appreciated.
Please note that we are unable to provide a certain time frame for your VPS to be shut down because we are going to apply the security patch on one host node at a time. Again, we apologize for the inconvenience of a reboot.
If you have any questions or concerns regarding this, please click here and open a ticket with us.
See: Reboot for Meltdown / Spectre patching - Announcements - VPSDime
Everything is back to normal.