• GoDaddy Community
  • VPS & Dedicated Servers
  • VPS & Dedicated Servers

    cancel
    Showing results for 
    Show  only  | Search instead for 
    Did you mean: 
    Go to solution

    When will GoDaddy patch Virtuozzo VPS host node against Dirty COW exploit (CVE-2016-5195)?

    As the question states... When will GoDaddy patch Virtuozzo VPS's at the hardware node to ensure that us poor paying customers aren't vulnerable to the recent Dirty COW exploit? (CVE-2016-5195)

     

    I'd like to know a time frame, if possible. It appears the last kernel has long since been outdated and should've been updated long ago??

     

    uname -rv returns this:

    2.6.32-042stab093.4 #1 SMP Mon Aug 11 18:47:39 MSK 2014

    1 ACCEPTED SOLUTION

    Since I do not know whether OpenVZ is vulnerable to this vulnerability, though I suspect the hardware node might be, there's probably nothing to worry about. I'll put my faith in GoDaddy's server admins and presume it has all been taken care of and that they would've updated what they needed to update if it were affected. A little transparency on what they patch and when would be fantastic though. I feel like I don't get the right answers when I call regarding server patching.

     

    Resolved.

    View solution in original post

    5 REPLIES 5
    Community Manager

    Hi, @RareHost. Thanks for being part of GoDaddy Community. Unfortunately, I don't have any information on when this will happen. I know our developers are working to get a patch ready, though. I would recommend reaching out to our server support staff for further updates on your particular account.

     

    JesseW - GoDaddy | Community Manager | 24/7 support available at x.co/247support | Remember to choose a solution and give kudos.

    I haven't seen anywhere yet that you have patched your Linux servers for the Dirty Cow vulnerability. Has this been done yet??

    Hey @csirvatka

     

    I just got word from our developers that the patching is currently in progress and will take some time to complete. Unfortunately I can't provide a more specific ETA as this is being applied to very large environment. However, I can assure you they are diligently working to complete this update as soon as possible. 

     

    We'll try to follow up with updates as soon as they're made available to us. 

     

    CG - GoDaddy | Community Moderator
    24/7 support available at x.co/247support

    Hi Moderators,

     

    This appears to still be an active vulnerability in the environment.

     

    It has been 2 months now... Can you PLEASE advise me when the time frame of this patch is likely to be? The delay in patching this has made me question whether I can rely on GoDaddy hosting and am strongly reconsidering it!

    Since I do not know whether OpenVZ is vulnerable to this vulnerability, though I suspect the hardware node might be, there's probably nothing to worry about. I'll put my faith in GoDaddy's server admins and presume it has all been taken care of and that they would've updated what they needed to update if it were affected. A little transparency on what they patch and when would be fantastic though. I feel like I don't get the right answers when I call regarding server patching.

     

    Resolved.

    View solution in original post