Past Incidents

Sunday 8th April 2018

No incidents reported

Saturday 7th April 2018

No incidents reported

Friday 6th April 2018

No incidents reported

Thursday 5th April 2018

Managed Server Version 5: openjdk-7 update, scheduled 6 years ago

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions.

openjdk-7 was updated to the latest version

openjdk-7-jre-headless/oldstable 7u171-2.6.13-1~deb8u1 amd64 [upgradable from: 7u151-2.6.11-2~deb8u1]

Wednesday 4th April 2018

No incidents reported

Tuesday 3rd April 2018

Managed Server Version 4: php5 update, scheduled 6 years ago

Wei Lei and Liu Yang of Nanyang Technological University discovered a stack-based buffer overflow in PHP5 when parsing a malformed HTTP response which can be exploited to cause a denial-of-service.

We have updated php5 to the latest version.

php5 5.4.45-0+deb7u13 [upgradable from: 5.4.45-0+deb7u12]

Managed Server Version 5: nodejs update, scheduled 6 years ago

We have updated nodejs 6 to the latest version.

nodejs/unknown 6.14.1-1nodesource1 amd64 [upgradable from: 6.14.0-1nodesource1]
Changelog: https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.14.1

Managed Server Version 4 and 5: openssl update, scheduled 6 years ago

It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service.

openssl was updated to the latest version.

openssl/oldstable 1.0.1t-1+deb8u8 amd64 [upgradable from: 1.0.1t-1+deb8u7]
openssl/oldstable 1.0.1t-1+deb7u4 amd64 [upgradable from: 1.0.1t-1+deb7u3]

Managed Server Version 5: A bug prevented changing the php version

Changing from php70 to php72 was not possible. Same thing on the other hand. This bug has now been fixed.

Monday 2nd April 2018

No incidents reported