Feb 22, 2016 | Information, Planned Work, Update
This is a notification of a possible low “at risk” issue but we believe this is minimal as we also have our own UPS units covering the services & systems located at HEX.
This is the most recent update from HEX:
“UPS works planned have been unsuccessful. Temporary UPS units are available should we need it. Further replacement parts are being sourced and a more detailed action plan is being drafted in order to resolve the issue as soon as possible.
Resiliency level remains at N and there is no anticipated interruption to your services.
We will provide a further update once resolved or if there is any change to the current situation”
Feb 20, 2016 | Information, Outages, Planned Work
Since the 18th February, we have been working to ensure that all in-house systems affected by this advisory are being patched accordingly. We have been advised and judge that this work needs to be completed as quickly as possible. This may therefore require brief windows of downtime affecting both single and multiple services & circuits.
Wherever possible we will post an early notification of such customer affecting works.
If you have any concerns or require further information, contact support in the normal meaner.
Vulnerability Summary for CVE-2015-7547
Original release date: 02/18/2016
Last revised: 02/19/2016
Source: US-CERT/NIST
Overview
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing “dual A/AAAA DNS queries” and the libnss_dns.so.2 NSS module.
Impact
CVSS Severity (version 3.0):
CVSS v3 Base Score: 8.1 High
Impact Score: 5.9
Exploitability Score: 2.2
CVSS Version 3 Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High
Feb 2, 2016 | Information, Planned Work, Update
No issues.
Planned Duration:
Start: 09/02/2016 00:01 GMT
Finish: 09/02/2016 05:00 GMT
Task:
One of our interconnect suppliers will be upgrading their capacity with BTW for DSL services in Telehouse North. This will involve migrating traffic on a pair of interconnects to new, higher capacity ones.
Customer Impact:
We do not anticipate any impact to Merula customer traffic, however all BT DSL services delivered from our Telehouse North node should be considered as AT RISK during this maintenance window.
If you have any queries about this work please raise a support ticket with our helpdesk.
We will issue an ALL CLEAR once this work has been completed.
Nov 16, 2015 | Information, Planned Work, Update
COMPLETED: All Work was completed during the evening on 26th November and the Data Centre now has full access to both Mains Power, Generator Power and the UPS. There was no outage to hosted servers during the work.
UPDATE: we will have engineers on site on Thursday 26th, to replace parts in our automatic transfer panel. Most of the work will not be service affecting, however there will be a short period where the data centre will be supplied by UPS alone. While we don’t anticipate any disruption, the power to our racks should be considered at risk during this period. All “at risk” work will be carried out outside core business hours and we will have staff and external electricians on site as needed to monitor/resolve any issues found.
UPDATE: the engineers are about to isolate the mains supply and generator and move us over to UPS power. This has been tested to support the data centre for at least 30 minutes but for the period of down-time, we are at risk.
We are aware of an issue with our changeover panel here and an engineer is en-route to work on this.
If the panel needs to go off-line then resilience will be reduced for a short period but the generator and UPS are still available and have just been fully tested as part of our normal weekly maintenance regime and will cut in automatically. As a reminder, the generator has fuel for at least 24-hours of continuous running.
Once the panel issue has been resolved, we’ll update this post.
Nov 13, 2015 | Information, Planned Work, Update
[UDATE] All work completed to plan.
We plan on making some further changes to a couple of our core network routers to isolate and correct a service setting that is causing a few BGP issues.
This may mean a few blips in routing tables as the changes are disseminated and an occasional up-tick in latency as routes converge and stabilise but we expect no downtime or any significant service issues.
If this planning changes, we will update this ticket
Nov 6, 2015 | Information, Planned Work
Following the outage today, we are during the course of tonight, commencing at around 10pm, making some changes to the core network routing to bring further stability & resilience online. This may mean a few blips in routing tables as the changes are disseminated and an occasional up-tick in latency as routes converge and stabilise but we expect no downtime or any significant service issues.