Whether you are one of our customers or use another provider, we strongly recommend you follow the steps described below to ensure your VPS, Hybrid Server or dedicated server remains secure.
A high-severity vulnerability has recently been discovered in the Linux kernel which potentially allows a local user on the system to gain root access (find out more here: CVE-2013-2094). Any Linux server, regardless of web host, will be affected by this issue.
Kernels 2.6.37 – 3.8.10 are vulnerable; however, the change that introduced this flaw into the kernel was also backported by Red Hat into the 2.6.32 kernel which is supplied with RHEL packages. Servers running CentOS 6, Fedora 18, Ubuntu LTS 12.04 and Debian 6 are all vulnerable, and we strongly recommend you update your VPS, Hybrid Server or dedicated server if you run these operating systems.
Please remember that it is vital to back up your server before making this significant update as, whilst it is essential, it can potentially have adverse effects on your server.
– To update CentOS and Fedora, run “yum update” and type “y” when prompted.
– To update Ubuntu/Debian, run “apt-get update && apt-get upgrade” and type “y” when prompted.
Once the new kernel is installed, you will need to reboot your server to apply the fix. Please note that running these commands will update all software on your server (not just the affected kernel); make sure that following the reboot, you check that all services (websites, mail, FTP, etc.) are running correctly.
You may find the following articles useful:
How do I connect to my VPS? (Also suitable for Hybrids and dedicated servers)
For additional server security tips, check out our handy “VPS and dedicated server security” tips blog post.
After rebooting your machine you will be able to identify whether your update was successful or not. If you have installed the kernel update but are experiencing problems (for example you can no longer gain access), take a look at Rolling back a kernel update to reverse your changes. Please note that you will still need to implement the security fix regardless.
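One way to run the post-reboot check described above, as an added example that is not part of the original post: it compares `uname -r` with the version range given in this advisory, then looks for the CVE id in the running kernel package's changelog. The function names, the changelog locations and the assumption that the vendor changelog cites the CVE id are this example's own.

```shell
#!/bin/sh
# Added example: post-reboot check for CVE-2013-2094 on the running kernel.
# The 2.6.37 - 3.8.10 range and the 2.6.32 backport come from the advisory text.

# ver_num "3.2.0-41-generic" -> 3002000 (upstream part only, as one integer)
ver_num() {
    base=${1%%[-+_]*}
    old_ifs=$IFS; IFS=.
    set -- $base
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Succeeds when the upstream version is one the advisory names.
in_advisory_range() {
    n=$(ver_num "$1")
    [ "$n" -eq 2006032 ] || { [ "$n" -ge 2006037 ] && [ "$n" -le 3008010 ]; }
}

# verdict RELEASE CHANGELOG_FILE -> patched | needs-update | outside-range
# A distribution fix keeps the upstream number, so the package changelog
# decides (heuristic: assumes the vendor changelog cites the CVE id).
verdict() {
    if ! in_advisory_range "$1"; then
        echo outside-range
    elif grep -q 'CVE-2013-2094' "$2" 2>/dev/null; then
        echo patched
    else
        echo needs-update
    fi
}

# Write the running kernel package's changelog to file $1 (empty if not found).
running_changelog() {
    r=$(uname -r)
    deb="/usr/share/doc/linux-image-$r/changelog.Debian.gz"
    if command -v rpm >/dev/null 2>&1; then
        rpm -q --changelog "kernel-$r" > "$1" 2>/dev/null || :
    elif [ -r "$deb" ]; then
        gzip -dc "$deb" > "$1" || :
    else
        : > "$1"
    fi
}

tmp=$(mktemp) || exit 1
running_changelog "$tmp"
echo "$(uname -r): $(verdict "$(uname -r)" "$tmp")"
rm -f "$tmp"
```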