• GoDaddy Community
  • VPS & Dedicated Servers
  • VPS & Dedicated Servers

    cancel
    Showing results for 
    Show  only  | Search instead for 
    Did you mean: 
    Go to solution
    Highlighted

    When will GoDaddy patch Virtuozzo VPS host node against Dirty COW exploit (CVE-2016-5195)?

    As the question states... When will GoDaddy patch Virtuozzo VPS's at the hardware node to ensure that us poor paying customers aren't vulnerable to the recent Dirty COW exploit? (CVE-2016-5195)

     

    I'd like to know a time frame, if possible. It appears the last kernel has long since been outdated and should've been updated long ago??

     

    uname -rv returns this:

    2.6.32-042stab093.4 #1 SMP Mon Aug 11 18:47:39 MSK 2014

    1 ACCEPTED SOLUTION

    Accepted Solutions
    Highlighted
    Solution

    Re: When will GoDaddy patch Virtuozzo VPS host node against Dirty COW exploit (CVE-2016-5195)?

    Since I do not know whether OpenVZ is vulnerable to this vulnerability, though I suspect the hardware node might be, there's probably nothing to worry about. I'll put my faith in GoDaddy's server admins and presume it has all been taken care of and that they would've updated what they needed to update if it were affected. A little transparency on what they patch and when would be fantastic though. I feel like I don't get the right answers when I call regarding server patching.

     

    Resolved.

    View solution in original post

    5 REPLIES 5
    Highlighted
    Community Manager
    Community Manager

    Re: When will GoDaddy patch Virtuozzo VPS host node against Dirty COW exploit (CVE-2016-5195)?

    Hi, @RareHost. Thanks for being part of GoDaddy Community. Unfortunately, I don't have any information on when this will happen. I know our developers are working to get a patch ready, though. I would recommend reaching out to our server support staff for further updates on your particular account.

     

    JesseW - GoDaddy | Community Manager | 24/7 support available at x.co/247support | Remember to choose a solution and give kudos.
    Highlighted

    Re: When will GoDaddy patch Virtuozzo VPS host node against Dirty COW exploit (CVE-2016-5195)?

    I haven't seen anywhere yet that you have patched your Linux servers for the Dirty Cow vulnerability. Has this been done yet??

    Highlighted
    Moderator
    Moderator

    Re: When will GoDaddy patch Virtuozzo VPS host node against Dirty COW exploit (CVE-2016-5195)?

    Hey @csirvatka

     

    I just got word from our developers that the patching is currently in progress and will take some time to complete. Unfortunately I can't provide a more specific ETA as this is being applied to very large environment. However, I can assure you they are diligently working to complete this update as soon as possible. 

     

    We'll try to follow up with updates as soon as they're made available to us. 

     

    CG - GoDaddy | Community Moderator
    24/7 support available at x.co/247support
    Highlighted

    Re: When will GoDaddy patch Virtuozzo VPS host node against Dirty COW exploit (CVE-2016-5195)?

    Hi Moderators,

     

    This appears to still be an active vulnerability in the environment.

     

    It has been 2 months now... Can you PLEASE advise me when the time frame of this patch is likely to be? The delay in patching this has made me question whether I can rely on GoDaddy hosting and am strongly reconsidering it!

    Highlighted
    Solution

    Re: When will GoDaddy patch Virtuozzo VPS host node against Dirty COW exploit (CVE-2016-5195)?

    Since I do not know whether OpenVZ is vulnerable to this vulnerability, though I suspect the hardware node might be, there's probably nothing to worry about. I'll put my faith in GoDaddy's server admins and presume it has all been taken care of and that they would've updated what they needed to update if it were affected. A little transparency on what they patch and when would be fantastic though. I feel like I don't get the right answers when I call regarding server patching.

     

    Resolved.

    View solution in original post