glibc getaddrinfo stack-based buffer overflow vulnerability

Wednesday, February 17, 2016

A critical vulnerability in glibc (affecting Linux) has been publicly disclosed and requires immediate attention.

Vulnerability details: Google, Debian, RedHat

As this vulnerability is serious in nature, we had to go through unannounced maintenance to ensure that our infrastructure is not affected, resulting in temporary connection issues.

Since this vulnerability is entirely related to DNS queries, the DNS resolvers we use were the top priority in the patching process, as they are used both by our servers and by all our users. They were all updated within 2 hours following the disclosure.

  • OpenSSH, which we use on all servers, was never affected, as we use the config parameter "UseDNS no" on all our servers.
  • OpenVPN isn't affected in our implementation.
  • IPsec, PPTP and proxy services have been restarted following the patch.
  • Webserver services such as nginx and lighttpd, which we use both publicly and internally, might have been affected and they've been restarted.

There are still a few services and servers, not entirely essential to the VPN service/infrastructure per se, that need to be restarted. Therefore, some short connection issues are likely in the next 12 hours.
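A check for services that still need that restart, as an added example that is not part of the original announcement: after the glibc package is upgraded, a running process keeps the old library mapped, and Linux marks the replaced file "(deleted)" in /proc/<pid>/maps. The function names and the library-name pattern are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): find processes that still map
# a glibc library file that was replaced on disk by the package upgrade.

# stale_libc_in_maps FILE
# FILE is in /proc/<pid>/maps format. Succeeds when a glibc library mapping
# (libc, libresolv, libnss_dns: pattern is an assumption) is marked "(deleted)",
# which is how Linux labels a mapped file whose on-disk copy was replaced.
stale_libc_in_maps() {
    grep -Eq '/(libc|libresolv|libnss_dns)([-.][^ /]*)?\.so[^ /]* \(deleted\)$' \
        "$1" 2>/dev/null
}

# scan_proc [PROCROOT]
# Prints "PID NAME" for every process under PROCROOT (default /proc) that
# needs a restart to pick up the patched library.
scan_proc() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if stale_libc_in_maps "$maps"; then
            dir=${maps%/maps}
            pid=${dir##*/}
            name=$(cat "$dir/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Run as root so other users' maps files are readable.
scan_proc /proc
```

Statically linked binaries have no libc mapping, so they never appear in this output and need a rebuild rather than a restart.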

 
