Emergency Maintenance on All BlueVM OpenVZ Services

BlueVM

New Member
Verified Provider
This post is just to help catch anyone who has not already gotten an email from us about our current emergency maintenance.

Earlier this morning one of our pen testers came across a vulnerability in our OpenVZ Kernel which allows a container to escalate permissions to the root user on the host node.

Original email:
 

Hello,

We are performing emergency maintenance on ALL of our OpenVZ node servers, meaning EVERY OpenVZ server will be affected.

The kernel we operate on needs to be upgraded as soon as possible. But unfortunately this requires us to reboot each node server.

It should take no longer than 5 minutes per server. We are performing this maintenance NOW.

We apologize for the inconvenience caused, and the short notice. This was unavoidable.

If you have any questions, feel free to open a ticket.

Best Regards,
BlueVM Support
https://bluevm.com
 

BlueVM

New Member
Verified Provider
@texteditor - This is an entirely different vulnerability. Thank you though...
 

BlueVM

New Member
Verified Provider
It affects the 2.6.18 VZ Kernels, not the newer 2.6.32 ones. Thus most hosts will not be effected by this, however we will be releasing this shortly.
 

BlueVM

New Member
Verified Provider
Anyone on 106.2 or below should upgrade to 107.1 as 107.1 is patched. This does not mean the vulnerability is known. It's still nonpublic.
 
Last edited by a moderator:
Top