INFORMATION: broadband connections

Tonight we are performing an urgent security update on a number of our core routers that handle FTTC and ADSL connections.

This will manifest as a brief loss of connectivity, possibly twice during the evening but only for a period of a couple of seconds as the sessions are dropped and fail-over to one of our other routers.

The connection should automatically re-establish itself. If after a power-down of your router for 10 minutes and a re-boot you still aren’t able to re-connect, please email into support@merula.net for assistance.

INFORMATION: Network enhancements between THN & HEX 10pm 14th March 2016

At 10pm tonight, we are bringing an additional new resilient link on line between these two sites and as part of this process you should be aware that there is a small risk of some transient disruption to routing tables. This will not affect connectivity and any affected routes should re-converge quickly.

UPDATE: This work has been completed – the new link is now being monitored

UPDATE: Posting email via Merula servers

[Update 15th March] This work has been completed
[Update 14th March] As of tonight, the main outgoing server will be switched to the new site; anyone using an SSL connections needs to ensure they have changed their outbound server name to port.merula.net
[Update] The new post.merula.net server is up and running – If you use SSL or wish to test sending email please try changing to this server name and ensure you can send email OK. Once we are happy we will update the DNS so that post.merula.co.uk also points to the new server.
We are in the process of bringing into service additional upgraded hardware for our outbound email servers (post.merula.net and post.merula.co.uk). At the same time, we have taken the opportunity to upgraded the security certificate.
A side effect of the certificate change on the mail server will require anyone using SSL in their email client to change the Outbound server name from post.merula.co.uk to post.merula.net
The new servers will be made live over this weekend to allow people time to make the necessary changes.
As always, if you have any concerns, please raise a ticket to support@merula.net.

INFORMATION: transit backhaul maintenance work 19th March

Date of work: 19.03.16
Start time: 00:00 GMT
End time: 04:00 GMT
Place of work: London Telehouse North
Work description: Software upgrade on transit supplier core routers

We believe there will be no impact but there could be some very temporary route instability and slight increase in routing times seen as the work starts & ends. This should resolve automatically.

INFORMATION: Telecity at HEX — work on facility UPS

This is a notification of a possible low “at risk” issue but we believe this is minimal as we also have our own UPS units covering the services & systems located at HEX.

This is the most recent update from HEX:

“UPS works planned have been unsuccessful. Temporary UPS units are available should we need it. Further replacement parts are being sourced and a more detailed action plan is being drafted in order to resolve the issue as soon as possible.

Resiliency level remains at N and there is no anticipated interruption to your services.

We will provide a further update once resolved or if there is any change to the current situation”

SECURITY PATCHES: Vulnerability Summary for CVE-2015-7547 – glibc

Since the 18th February, we have been working to ensure that all in-house systems affected by this advisory are being patched accordingly. We have been advised and judge that this work needs to be completed as quickly as possible. This may therefore require brief windows of downtime affecting both single and multiple services & circuits.

Wherever possible we will post an early notification of such customer affecting works.

If you have any concerns or require further information, contact support in the normal meaner.

Vulnerability Summary for CVE-2015-7547

Original release date: 02/18/2016
Last revised: 02/19/2016
Source: US-CERT/NIST

Overview

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing “dual A/AAAA DNS queries” and the libnss_dns.so.2 NSS module.

Impact

CVSS Severity (version 3.0):
CVSS v3 Base Score: 8.1 High
Impact Score: 5.9
Exploitability Score: 2.2
CVSS Version 3 Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High