RSS Feed
News
Oct
27
Security Advisory: Important Linux Kernel Vulnerability - Fixed
Posted by Bill Williams on 27 October 2016 02:56 AM

A vulnerability has recently been disclosed in the Linux kernel which affects all supported Linux systems running any distribution.  This vulnerability is serious and may allow a remote exploit or local user to cause privilege escalation, resulting in root access to your server. A working example of the exploit has already been publicly disclosed, thus no advanced knowledge of the Linux kernel is required to gain root access once shell access has been obtained on the target system.

The CVE entry for this vulnerability may be found here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195

Windows users are unaffected by this vulnerability.  We have not evaluated the status of Linux distributions or versions not mentioned here.  You should consult your distribution's security documentation to determine if your distribution is vulnerable and how to apply the update.

It is especially important to upgrade your kernel if your system provides multi-user services via shell accounts, jail or container-based virtualization, or dynamic web sites. Updates which fix this vulnerability and other security issues and bugs are available immediately for most systems.

CENTOS

CentOS has patched this vulnerability as of:

     * CentOS 7: October 24th, 2016
     * CentOS 6: October 26th, 2016
     * CentOS 5: Updated packages are not yet available.  This post will be updated when they are published.

To verify your system is running the correct kernel, run the following
command:

uname -r

The version should be greater than or equal to the following, depending on your distribution:

     * CentOS 7: 3.10.0-327.36.3
     * CentOS 6: 2.6.32-642.6.2

If your version does not match, please run the following command and ensure an update to the kernel package is included:

yum -y update kernel

If no update is available, please try the following commands, then repeat the command above:

yum clean metadata
curl -s mirror.steadfast.net/mirrorize | bash

These commands will remove cached update information and force your server to use our mirror server, which is known to already contain the updated kernel version.

After the upgrade processes, you should REBOOT your system _as soon as possible_.

Red Hat published the following advisories regarding this
vulnerability:

     * https://access.redhat.com/security/cve/CVE-2016-5195
     * https://access.redhat.com/security/vulnerabilities/2706661

DEBIAN

Debian has patched this vulnerability as of October 20th, 2016.

To verify your system is running the correct kernel, run the following
command:

uname -v

The version (appearing after "#1 SMP Debian") should be greater than or equal to the following, depending on your distribution:

     * Debian 8 (Jessie): 3.16.36-1+deb8u2
     * Debian 7 (Wheezy): 3.2.84-1
     * Debian 6 (Squeeze): You must upgrade to Debian 7 or later.  This version is no longer supported.

If your version does not match, please run the following command and ensure an update to the kernel package is included:

apt-get update
apt-get install linux-image-`uname -r`

If no update is available, please try the following commands, then repeat the commands above:

curl -s mirror.steadfast.net/mirrorize | bash

This command will force your server to use our mirror server, which is known to already contain the updated kernel version.

After the upgrade processes, you should REBOOT your system _as soon as possible_.

Debian published the following advisories regarding this
vulnerability:

     * https://security-tracker.debian.org/tracker/CVE-2016-5195
     * Jessie: https://www.debian.org/security/2016/dsa-3696
     * Wheezy: https://lists.debian.org/debian-lts-announce/2016/10/msg00026.html


Read more »



Oct
20
Now available :: Pages up to 7 times faster with PHP-FPM shared hosting
Posted by Bill Williams on 20 October 2016 10:20 AM

What is PHP-FPM?

A request made by PHP, one of the most widespread programming languages on the net, consists of interpreting files or associated scripts, and each interpretation draws on elements and actions to be executed. By default, a PHP file is read in an identical and independent manner on each request, without taking any previous requests into account.

With PHP-FPM, the elements and instructions called on when a request is made are stored, i.e. cached on the server, to be reused directly if the same request is made again.

Less requests on the filer therefore means decreased load on the machine (load average), and better availability of resources to carry out other tasks.
In concrete terms, when a visitor's actions on your website involve a request on the system, the PHP interpreter must be activated, be put in memory, list the required elements, find them and then check that the code is valid. Finally, when everything is ready, it executes the request.

Using PHP-FPM, all these operations will already be known and recorded by the server. Their interpretation is thus much faster, as is the page loading that follows.

According to our tests, this facilitates site access an average of 7 times faster than an identical hosting system without this optimisation. Some CMS [Wordpress, Joomla, Magento] users even report performances up to ten times faster!

Who benefits from PHP-FPM?

The benefits of the FPM technique are even more perceptible on online structures such as CMS, as they are based on multiple PHP files that are called on frequently and in large numbers. However, there are certainly advantages on other structures, bearing in mind that it's rare for a website not to use PHP. So it's almost certain that your project will also benefit from it.

The PHP-FPM optimisation is included and activated on all our web hosting offers. However, despite optimisation, the execution of your scripts also depends on the number of PHP workers available to interpret them. However, upgrading to a higher range on a higher tariff will also involve securing more workers and therefore, as much benefit as with PHP-FPM.

Read more »



Jun
1
PHP updated to latest version
Posted by Bill Williams on 01 June 2016 01:41 AM

PHP has been updated to version 5.5.36 in order to address vulnerabilities related to CVE-2016-5096, CVE-2016-5094, CVE-2013-7456, CVE-2016-5093, and CVE-2016-4343

 

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:


CVE-2016-5096 - MEDIUM
PHP 5.5.36
Fixed bug in the Core module related to CVE-2016-5096

 

CVE-2016-5094 - MEDIUM
PHP 5.5.36
Fixed bug in the Core module related to CVE-2016-5094



CVE-2013-7456 - MEDIUM
PHP 5.5.36
Fixed bug in the GD library related to CVE-2013-7456

 

CVE-2016-5093 - MEDIUM
PHP 5.5.36
Fixed bug in the Intl module related to CVE-2016-5093

 

CVE-2016-4343 - HIGH
PHP 5.5.36
Fixed bug in the phar module related to CVE-2015-8390


Read more »



May
7
ImageMagick Vulnerability – CVE-2016-3714 fixed
Posted by Bill Williams on 07 May 2016 01:21 PM

All of our servers have been patched to remove this new threatening vulnerability.

More information is available at https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3714

 


Read more »



Mar
9
Shared hosting: Microsoft SQL Server upgraded to version 2014
Posted by Andy Williams on 09 March 2016 02:29 AM

We are pleased to upgrade to applicable web hosting clients to Microsoft SQL Server 2014. Here are the list of the benefits;

PERFORMANCE & SCALE
o        In-Memory OLTP
o        Enhanced In-Memory ColumnStore for DW
o        Buffer Pool Extension to SSDs
o        Enhanced Query Processing
o        Resource Governor adds IO governance
o        SysPrep at cluster level
o        Predictable performance with tiering of compute, network, and storage with Windows Server 2012 R2

HIGH AVAILABILITY
o        Enhanced AlwaysOn, with 8 secondaries and Replica Wizard
o        Delayed Durability
o        Clustered Shared Volume support, VHDX support (Windows Server 2012 R2)
o        Manage on-premises and cloud apps (System Center 2012 R2)

SECURITY
o        Enhanced separation of duty
o        CC certification at High Assurance Level for 2014
o        Backup encryption support

PROGRAMMABILITY
o        Query optimization enhancements

EASY ACCESS TO DATA, BIG & SMALL
o        Power Query
o        Windows Azure HDInsight Service
o        Analytics Platform System (PDW V2)


To connect to your MSSQL 2014 database remotely, please download the latest version of Microsoft SQL Server 2014 Management Studio and contact technical support to get the server IP address.

 


Read more »