Outage in Umbrellar
Upcoming Critical OpenSSL Vulnerability
Resolved MaintenanceIncident Report
What is it?
The OpenSSL Project will release a security fix (OpenSSL version 3.0.7) for a new-and-disclosed CVE on Tuesday, November 1, 2022. This CVE is categorized as “CRITICAL” and affects all OpenSSL versions after 3.0.
Who is impacted?
Users running newer operating systems (OpenSSL versions after 3.0) and application stacks like NodeJS.
Linux Distro OpenSSL Version
CentOS Linux release 7.9 1.0.2
CentOS 8 (1.1.1)
CentOS Stream 9 (3.0.1)
Debian 11 (bullseye) (1.1.1)
Eneavour 2022.09.10 (1.1.1)
Fedora 34 (1.1.1)
Fedora 35 (1.1.1)
Fedora 36 (3.0.5)
Fedora Rawhide (3.0.5)
Kali 2022.3 (3.0.5)
Linux Mint 21 Vanessa (3.0.2)
Mageia 7 (1.1.1)
Mageia 8 (1.1.1)
Mageia Cauldron (3.0.5)
OpenMandriva 4.3 (3.0.3)
OpenMandriva Cooker (3.0.6)
OPNsense 22 1.1.1
OpenSuSE Leap 15.2 (1.1.1)
OpenSuSE Leap 15.3 (1.1.1)
OpenSuSE Leap 15.4 (1.1.1)
Proxmox 6 1.1.1
Redhat ES 9 3.0
Rocky Linux release 9.0 (Blue Onyx) 3.0.1
Slackware 14 1.0.1
Ubuntu 20.04 (1.1.1)
Ubuntu 22.04 (3.0.2)
Node.js v18.x and v19.x use OpenSSL v3. Therefore these release lines are impacted by this update.
References
https://isc.sans.edu/forums/diary/Upcoming+Critical+OpenSSL+Vulnerability+What+will+be+Affected/29192
https://www.globalsign.com/en/blog/urgent-patch-openssl-november-1-avoid-critical-security-vulnerability
https://nodejs.org/en/blog/vulnerability/openssl-november-2022/
Components affected
Umbrellar Cloud Services Engineering Support - Work HoursNeed to monitor Umbrellar outages?
One place to monitor all your cloud vendors. Get instant alerts when an outage is detected.
Latest Updates ( sorted recent to last )
RESOLVED
almost 3 years ago - at 11/06/2022 10:30PM
This incident has been resolved.
IDENTIFIED
about 3 years ago - at 10/30/2022 11:58PM
We are continuing to work on a fix for this issue.
IDENTIFIED
about 3 years ago - at 10/30/2022 11:45PM
What is it?
The OpenSSL Project will release a security fix (OpenSSL version 3.0.7) for a new-and-disclosed CVE on Tuesday, November 1, 2022. This CVE is categorized as “CRITICAL” and affects all OpenSSL versions after 3.0.
Who is impacted?
Users running newer operating systems (OpenSSL versions after 3.0) and application stacks like NodeJS.
Linux Distro OpenSSL Version
CentOS Linux release 7.9 1.0.2
CentOS 8 (1.1.1)
CentOS Stream 9 (3.0.1)
Debian 11 (bullseye) (1.1.1)
Eneavour 2022.09.10 (1.1.1)
Fedora 34 (1.1.1)
Fedora 35 (1.1.1)
Fedora 36 (3.0.5)
Fedora Rawhide (3.0.5)
Kali 2022.3 (3.0.5)
Linux Mint 21 Vanessa (3.0.2)
Mageia 7 (1.1.1)
Mageia 8 (1.1.1)
Mageia Cauldron (3.0.5)
OpenMandriva 4.3 (3.0.3)
OpenMandriva Cooker (3.0.6)
OPNsense 22 1.1.1
OpenSuSE Leap 15.2 (1.1.1)
OpenSuSE Leap 15.3 (1.1.1)
OpenSuSE Leap 15.4 (1.1.1)
Proxmox 6 1.1.1
Redhat ES 9 3.0
Rocky Linux release 9.0 (Blue Onyx) 3.0.1
Slackware 14 1.0.1
Ubuntu 20.04 (1.1.1)
Ubuntu 22.04 (3.0.2)
Node.js v18.x and v19.x use OpenSSL v3. Therefore these release lines are impacted by this update.
References
https://isc.sans.edu/forums/diary/Upcoming+Critical+OpenSSL+Vulnerability+What+will+be+Affected/29192
https://www.globalsign.com/en/blog/urgent-patch-openssl-november-1-avoid-critical-security-vulnerability
https://nodejs.org/en/blog/vulnerability/openssl-november-2022/
Latest Umbrellar outages
Azure Front Door - Connectivity issues - 5 days ago
P1 | Loss of Internet to Servers, VMs (Airedale DC) Multiple Customers | Platforms/Backups - 4 months ago
Auckland VMWare Host Failure - 4 months ago
Christchurch Datacentre Outage - almost 2 years ago
Cyclone Gabrielle - Service disruption - over 2 years ago
The Status Page Aggregator Built for IT Teams
With IsDown, you can monitor all your critical services' official status pages from one centralized dashboard and receive instant alerts the moment an outage is detected. Say goodbye to constantly checking multiple sites for updates and stay ahead of outages with IsDown.
Start free trialNo credit card required · Cancel anytime · 4522 services available
Integrations with
