Updated July 7, 2020
 

Latest Update Impacting Some RHEL / CentOS Servers

NOTE: This issue should now be resolved.
A couple weeks ago, Red Hat released a set of patches which now seem to fix the issue. We are also getting confirmed reports that the fix from Red Hat does resolve this. The ultimate cause and fix can be identified in their article here.
 
Regarding the updates and changes to microcode_ctl – the correct version yum should request for you to install will be microcode_ctl-2.1-61.10.el7_8.x86_64.rpm. If you are given output above that does not match the version, please open a ticket to our support team to review.
 
Original Advisory:
We have observed an issue with a specific CVE update that affects the following system profile:
  • Self-Managed SuperMicro Server (our managed customers need not take any action)
  • Motherboard: X11SSL-F
  • Processor: E3-12XX v5 Skylake
  • Red Hat Enterprise Linux 7, CentOS 7 or CloudLinux 7 Installed

In relation to the recent CVE-2020-0543 that was released and patched on June 10th, 2020, at approximately 9 PM Eastern, we received multiple reports of servers having crashed at the UPCP script for cPanel. At this time, it appears that only the aforementioned hardware configuration with this software is affected, although we are still investigating.

We recommend you do not perform any kernel updates at this time.  You can disable automatic updates via command line by following the instruction below (previous instruction via WHM no longer exists in latest versions of cPanel). Feel free to open a support ticket if you would like our assistance with this. 

As of version 88, cPanel no longer allows you to disable automatic updates via WHM. This must be done via CLI.

In order to disable automatic updates on your cPanel server:

  • SSH to your server or utilize WHM’s “Terminal” application if it is enabled
  • Using your favorite text editor (vi, nano) edit /etc/cpupdate.conf
  • Change the “daily” setting to “manual” for the RPMUP and UPDATES options

Below is an example of a /etc/cpupdate.conf  file with updates disabled:

RPMUP=manual
SARULESUP=daily
STAGING_DIR=/usr/local/cpanel
UPDATES=manual
CPANEL=release

To confirm that updates are disabled: 

  • Log into WHM
  • Go to ‘Server Configuration’ -> ‘Update Preferences’ 
  • Confirm that the message ‘Warning Automatic updates are disabled for this server. We strongly recommend enabling automatic updates’ displays at the top of the page.
You can find more information about this advisory at:
We are in contact with the vendors for more information and assistance. If you have been affected and your server is unreachable, please reach out to our support department so they can make the required BIOS updates and get your system back online.
 

Need More Personalized Help?

If you have any further issues, questions, or would like some assistance checking on this or anything else, please reach out to us from your my.hivelocity.net account -> Support and provide your server credentials within the encrypted field for the best possible security and support.

If you are unable to reach your my.hivelocity.net account or if you are on the go, please reach out from your valid my.hivelocity.net account email to us here at: [email protected]. We are also available to you through our phone and live chat system 24/7/365.

 

Additional Links:

Looking for more information on Red Hat? Search our Knowledge Base!  

In need of more great content? Interested in cPanel, Private Cloud, or Edge Computing? Check out our recent posts for more news, guides, and industry insights!

4 thoughts on “Latest Updates Impacting Some Red Hat / CentOS Servers”

  1. can we do our own bios updates over SSH like you can with dell servers?

    I know with our own in house dell servers we run a single command that connects to dells repo and compares all the HW firmware and downloads firmware updates and then says reboot to apply and this updates all components bios/raid/nic etc.

Leave a Comment

Your email address will not be published. Required fields are marked *

Related Articles

Hivelocity News

Channel Partners Expo 2021: Wrap-up

Although Channel Partners Conference & Expo might be over, we’d like to take a moment to share some pictures and memories from this year’s Las Vegas event. With the postponement of 2020’s Expo, this year marked Hivelocity’s first official attendance at the long-running conference. As new event sponsors, we couldn’t …

Continue read
Hivelocity News

Is Hivelocity’s TPA2 Your Next Data Center?

Over the last six months, one of the country’s biggest power companies as well as one of its largest cable providers have both reached out asking to utilize footage of our Hivelocity TPA2 data center for upcoming commercials. While we’re not at liberty yet to reveal which companies we’ve been …

Continue read
Hivelocity News

Proxmox VE Now Available with All Instant Deploy Servers

With a blend of KVM hypervisor technology and Linux Containers (LXC), Proxmox VE is the virtualization tool which can revolutionize your development environment. Now available as a default option with all Hivelocity Instant Deployment Dedicated Server purchases, scaling and maintaining your virtual infrastructure has never been easier. “In the past,” …

Continue read

Rapid Restore

Backup your entire server’s data every night and have access to 5 days of rolling restore points.  Restore your server’s data, OS and configuration any time you need it.

Our Rapid Restore service saves the day during accidental data loss, hardware failures and virus contraction. Simply pick your recovery point and restore the data from that day. 

DDoS Protection

While our competitors may advertise DDoS protection, most often, they are merely implementing easily evaded router rules or simply black-holing targeted servers. They consider this “DDoS protecting their network.” However, neither of these solutions should give comfort to any online business. Should your site be attacked, chances are likely both of these options will end with your server being taken offline. At Hivelocity, we take the responsibility of keeping your servers online very seriously. For this reason, we offer two very serious forms of DDoS protection.

FREE

Every solution we provide includes our Filtering Edge of Network System (FENS). FENS is a series of proprietary systems that proactively monitors and protects the entire Hivelocity Network from most common Denial of Service (DOS) and Distributed Denial of Service (DDoS) attacks.

$15/MONTH PER SERVER

For an extra fee, you can enhance your server’s protection further with the addition of our Server Defense System. Our Server Defense System sits in front of your server, inspecting inbound data and looking for malicious traffic. The moment an attack is detected, it instantly begins scrubbing each data packet. Hivelocity’s Server Defense System delivers business continuity even in the face of massive and complex attacks.

Our Server Defense System is like adding an alarm and armed guard to your business, alerting you to and destroying anything attempting to jump that fence. Our Server Defense System utilizes internally developed proprietary systems in addition to Corero’s Threat Defense Smartwalls for data packet scrubbing. Each of our data centers is a scrubbing center with Corero Smartwalls on-premise, allowing us to provide on-prem zero-lag data scrubbing.

SSL Certificates

The security of your online commerce and protecting your customers’ data is as important to us as it is to you. When your customers see the green bar, they will know their connection to you is protected. We offer single domain, multi-domain, and wild-card certificates.

We offer industry leading 128-bit encryption certificates, allowing you to conduct e-commerce with complete security. Inspire confidence in your customers by displaying any number of seals and indicators certifying that your site is secure.

Load Balancing

Adding this service to two servers with identical content will allow you to distribute your load evenly across your hardware. Don’t lose business because you couldn’t handle the demand. Load balance and handle your biggest resource spikes with ease.

Firewalls

Stop attacks, prevent unauthorized access, and achieve regulatory compliance. Our Juniper hardware firewalls offload the work so your server never has to consume resources protecting itself from malicious traffic. A single firewall can be used to protect multiple servers.

Cloud Storage

Cloud storage offers users redundancy and easy accessibility, ensuring your data remains secure and readily available. Scale to as much as you need for only a 20¢/GB.

Cloud Storage is distributed and replicated across many servers, protecting your data from hardware failure. Highly scalable, it can handle thousands of client connections via TCP/IP. Connect to your virtual drive with SFTP, FTP, and SSHMount and in the future NFS and AFP. Cloud Storage is based on a stackable design which is upgradeable up to 2TB per instance.