The security world seems to have a solid formula for instant success: discover an ultra-obscure vulnerability, publish it, assign some doomsday scenarios where it can be used, create a scary logo, and the press runs away with it.
The latest of these is Venom (CVE-2015-3456), which follows last year’s Poodle and Heartbleed. Forbes put it best, in a sentiment echoed by the security people with whom we consult: it is “an interesting bug to the sorts of people who do exploit research for a living”.
Now that the vulnerability has been made public, our infrastructure providers must patch it before exploits are discovered in the wild. No such discoveries have been made thus far.
It is regrettable that Venom requires another round of reboots at the host machine level — and this could affect the availability of your search endpoints. These reboots will start later this evening in the United States.
Allow us to state our position with regard to this bug and your instances:
- The nature of this exploit is such that it’s exceedingly unlikely that there has been, or ever could be, any compromise of your data. We do not give root access to our users, and we have numerous safeguards in place to prevent and alert on any unauthorized root access attempts.
- Our infrastructure provider partners at AWS, Rackspace, and Softlayer are rebooting their host machines anyway because they are zealous guardians of their customers’ security.
- If you have a production-worthy cluster of at least 3 nodes, this is unlikely to have an effect on you. Take the native-node recovery goodness of Elasticsearch itself along with our own tweaks, and you can rest secure in the knowledge that the remaining nodes should quickly take up the slack for any node takedowns.
- If you have fewer than 3 nodes, the rolling reboots could affect your uptime. Most customers with this setup are in staging and development and hopefully will not experience any negative production workload effects. (If you’re using fewer than 3 nodes in production, you should ping us by filling out a support ticket.) Remember that it only takes about 2 minutes to reboot a host machine.
Security is, and always has been, of utmost importance to us. Please know that our support team is monitoring this situation to minimize any impact.