{"id":5682,"date":"2026-07-09T13:51:27","date_gmt":"2026-07-09T17:51:27","guid":{"rendered":"https:\/\/underhost.com\/blog\/?p=5682"},"modified":"2026-07-09T14:05:00","modified_gmt":"2026-07-09T18:05:00","slug":"ghostlock-and-januscape-what-self-managed-linux-server-owners-need-to-patch-now","status":"publish","type":"post","link":"https:\/\/underhost.com\/blog\/ghostlock-and-januscape-what-self-managed-linux-server-owners-need-to-patch-now\/","title":{"rendered":"GhostLock and Januscape: What Self-Managed Linux Server Owners Need to Patch Now"},"content":{"rendered":"<p><!-- UnderHost Blog Hero --><\/p>\n<div class=\"uh-blog-hero\" style=\"margin: 0 0 40px; text-align: center; padding: 48px 24px; border-radius: 20px; background: linear-gradient(135deg,#0D1F3C 0%,#125A8A 58%,#176EA5 100%); color: #ffffff; box-shadow: 0 20px 40px -15px rgba(13,31,60,0.28); position: relative; overflow: hidden;\">\n<div style=\"display: inline-flex; align-items: center; gap: 8px; padding: 7px 14px; margin-bottom: 16px; border: 1px solid rgba(0,212,255,0.32); border-radius: 999px; color: #dff8ff; font-size: 12px; font-weight: 800; letter-spacing: .06em; text-transform: uppercase; background: rgba(0,212,255,0.10);\"><i class=\"fas fa-shield-alt\" style=\"color: #00d4ff;\"><\/i> UnderHost Security Advisory<\/div>\n<h1 style=\"color: #ffffff; font-size: clamp(32px,5vw,46px); line-height: 1.12; margin: 0 0 14px; font-weight: 800;\">GhostLock and JanusCape Linux Kernel CVEs: How to Patch Self-Managed Servers<\/h1>\n<p style=\"font-size: 18px; color: #eaf6ff; max-width: 840px; margin: 0 auto; line-height: 1.7;\">A practical patching guide for CloudLinux, AlmaLinux, Rocky Linux, RHEL-compatible systems, Ubuntu, Debian, VPS nodes, dedicated servers, and virtualization hosts.<\/p>\n<\/div>\n<p><!-- Lead Summary --><\/p>\n<div class=\"uh-blog-excerpt\" style=\"border-left: 4px solid #00D4FF; padding: 18px 20px; margin: 0 0 34px; background: #F8FAFC; color: #1f2937; border-radius: 0 14px 14px 0; box-shadow: 0 8px 28px rgba(13,31,60,0.08); line-height: 1.75;\"><strong style=\"color: #0d1f3c;\">Main takeaway:<\/strong><br \/>\nGhostLock CVE-2026-43499 and JanusCape CVE-2026-53359 are Linux kernel vulnerabilities that should be treated as urgent on multi-user servers, shared-hosting systems, VPS nodes, and KVM hypervisors. <strong>All UnderHost-owned infrastructure, shared hosting platforms, reseller hosting servers, managed VPS services, and managed dedicated environments have already been patched.<\/strong> This guide is intended for customers operating <strong>self-managed<\/strong> VPS or dedicated servers where kernel maintenance is handled by the customer.<\/div>\n<div class=\"uh-post-content\" style=\"color: #1f2937; font-size: 16px; line-height: 1.75;\">\n<div style=\"background: #ECFDF5; border: 1px solid #A7F3D0; border-radius: 16px; padding: 20px 22px; margin: 0 0 30px; box-shadow: 0 4px 12px rgba(13,31,60,0.06);\">\n<h2 style=\"color: #065f46; font-size: 22px; line-height: 1.25; margin: 0 0 10px;\"><i class=\"fas fa-check-circle\" style=\"color: #10b981;\"><\/i> UnderHost Managed Services Are Patched<\/h2>\n<p style=\"margin: 0; color: #064e3b;\">UnderHost has completed patching for all infrastructure under our management, including shared hosting, reseller hosting, managed CloudLinux environments, managed VPS services, and managed dedicated servers. No action is required from customers hosted on fully managed UnderHost platforms. If you operate an unmanaged VPS or dedicated server, you are responsible for applying the kernel updates inside your own operating system.<\/p>\n<\/div>\n<h2 style=\"color: #0d1f3c; font-size: 28px; line-height: 1.25; margin: 34px 0 14px;\"><i class=\"fas fa-bolt\" style=\"color: #00d4ff;\"><\/i> What Happened?<\/h2>\n<p style=\"margin: 0 0 18px;\">CloudLinux recently published advisories for two serious Linux kernel vulnerabilities: <strong>GhostLock CVE-2026-43499<\/strong> and <strong>JanusCape CVE-2026-53359<\/strong>. Although the CloudLinux advisories focus on CloudLinux OS, the underlying issues are in the Linux kernel and can affect other distributions depending on kernel version, vendor backports, kernel configuration, and whether KVM is exposed.<\/p>\n<p style=\"margin: 0 0 18px;\">These issues matter because kernel-level vulnerabilities can turn a limited local account, compromised website process, shell user, or virtual machine guest into a much larger server-level security risk. On multi-tenant hosting systems, the correct response is not to wait for symptoms. The correct response is to patch, reboot when required, and verify the running kernel.<\/p>\n<div style=\"display: grid; grid-template-columns: repeat(auto-fit,minmax(260px,1fr)); gap: 18px; margin: 28px 0;\">\n<div style=\"background: #ffffff; border: 1px solid #E5E7EB; border-radius: 16px; padding: 22px; box-shadow: 0 4px 12px rgba(13,31,60,0.08);\">\n<h3 style=\"margin: 0 0 10px; color: #0d1f3c; font-size: 20px;\">GhostLock CVE-2026-43499<\/h3>\n<p style=\"margin: 0; color: #4b5563; line-height: 1.7;\">A Linux kernel local privilege escalation issue in the futex priority-inheritance path. The practical fix is a patched kernel or a supported livepatch solution such as KernelCare.<\/p>\n<\/div>\n<div style=\"background: #ffffff; border: 1px solid #E5E7EB; border-radius: 16px; padding: 22px; box-shadow: 0 4px 12px rgba(13,31,60,0.08);\">\n<h3 style=\"margin: 0 0 10px; color: #0d1f3c; font-size: 20px;\">JanusCape CVE-2026-53359<\/h3>\n<p style=\"margin: 0; color: #4b5563; line-height: 1.7;\">A Linux KVM\/x86 memory-management vulnerability. It is especially important for virtualization hosts and any system exposing <code>\/dev\/kvm<\/code> to local users.<\/p>\n<\/div>\n<div style=\"background: #ffffff; border: 1px solid #E5E7EB; border-radius: 16px; padding: 22px; box-shadow: 0 4px 12px rgba(13,31,60,0.08);\">\n<h3 style=\"margin: 0 0 10px; color: #0d1f3c; font-size: 20px;\">Self-Managed Servers<\/h3>\n<p style=\"margin: 0; color: #4b5563; line-height: 1.7;\">If your service is unmanaged, you must update the kernel from your distribution vendor, schedule a reboot if required, and confirm the new kernel is actually running.<\/p>\n<\/div>\n<\/div>\n<h2 style=\"color: #0d1f3c; font-size: 28px; line-height: 1.25; margin: 34px 0 14px;\"><i class=\"fas fa-server\" style=\"color: #176ea5;\"><\/i> Who Needs to Take Action?<\/h2>\n<p style=\"margin: 0 0 18px;\">You should review and patch immediately if you manage your own VPS, dedicated server, virtualization node, private cloud host, or any Linux system where customers, developers, websites, containers, or untrusted processes can run local code.<\/p>\n<div style=\"overflow-x: auto; margin: 26px 0; border: 1px solid #E5E7EB; border-radius: 14px;\">\n<table style=\"width: 100%; border-collapse: collapse; background: #ffffff; color: #1f2937;\">\n<thead>\n<tr style=\"background: #0D1F3C; color: #ffffff;\">\n<th style=\"padding: 14px; text-align: left;\">Service Type<\/th>\n<th style=\"padding: 14px; text-align: left;\">Action Required?<\/th>\n<th style=\"padding: 14px; text-align: left;\">What To Do<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"padding: 14px; border-top: 1px solid #E5E7EB;\"><strong>UnderHost Shared Hosting<\/strong><\/td>\n<td style=\"padding: 14px; border-top: 1px solid #E5E7EB;\">No customer action<\/td>\n<td style=\"padding: 14px; border-top: 1px solid #E5E7EB;\">UnderHost has patched the managed platform.<\/td>\n<\/tr>\n<tr>\n<td style=\"padding: 14px; border-top: 1px solid #E5E7EB;\"><strong>UnderHost Reseller Hosting<\/strong><\/td>\n<td style=\"padding: 14px; border-top: 1px solid #E5E7EB;\">No customer action<\/td>\n<td style=\"padding: 14px; border-top: 1px solid #E5E7EB;\">Kernel maintenance is handled by UnderHost.<\/td>\n<\/tr>\n<tr>\n<td style=\"padding: 14px; border-top: 1px solid #E5E7EB;\"><strong>Managed VPS or Managed Dedicated Server<\/strong><\/td>\n<td style=\"padding: 14px; border-top: 1px solid #E5E7EB;\">Usually no action<\/td>\n<td style=\"padding: 14px; border-top: 1px solid #E5E7EB;\">UnderHost has applied available patches. Contact support if you need confirmation for a specific server.<\/td>\n<\/tr>\n<tr>\n<td style=\"padding: 14px; border-top: 1px solid #E5E7EB;\"><strong>Self-Managed VPS<\/strong><\/td>\n<td style=\"padding: 14px; border-top: 1px solid #E5E7EB;\">Yes<\/td>\n<td style=\"padding: 14px; border-top: 1px solid #E5E7EB;\">Update the OS kernel, reboot if needed, and verify the running kernel.<\/td>\n<\/tr>\n<tr>\n<td style=\"padding: 14px; border-top: 1px solid #E5E7EB;\"><strong>Self-Managed Dedicated Server or KVM Host<\/strong><\/td>\n<td style=\"padding: 14px; border-top: 1px solid #E5E7EB;\">Yes, urgent<\/td>\n<td style=\"padding: 14px; border-top: 1px solid #E5E7EB;\">Patch the kernel and review KVM exposure, especially <code>\/dev\/kvm<\/code>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<h2 style=\"color: #0d1f3c; font-size: 28px; line-height: 1.25; margin: 34px 0 14px;\"><i class=\"fas fa-search\" style=\"color: #176ea5;\"><\/i> Check Your Current Kernel<\/h2>\n<p style=\"margin: 0 0 18px;\">Before patching, record your current kernel. After patching and rebooting, run the same command again to confirm the new kernel is active.<\/p>\n<pre style=\"background: #0D1F3C; color: #eaf6ff; padding: 18px 20px; border-radius: 14px; overflow-x: auto; line-height: 1.6;\"><code>uname -r\r\ncat \/etc\/os-release<\/code><\/pre>\n<p style=\"margin: 18px 0;\">For KernelCare users, verify CVE-level patch status with:<\/p>\n<pre style=\"background: #0D1F3C; color: #eaf6ff; padding: 18px 20px; border-radius: 14px; overflow-x: auto; line-height: 1.6;\"><code>kcarectl --patch-info | grep -E 'CVE-2026-43499|CVE-2026-53359|CVE-2026-46113'<\/code><\/pre>\n<h2 style=\"color: #0d1f3c; font-size: 28px; line-height: 1.25; margin: 34px 0 14px;\"><i class=\"fas fa-terminal\" style=\"color: #00d4ff;\"><\/i> Quick Patch Guide by Distribution<\/h2>\n<p style=\"margin: 0 0 18px;\">The commands below are general update instructions for self-managed systems. Always check your distribution security advisory and test carefully on production workloads. Kernel patches often require a reboot unless a livepatching service is installed and has released coverage for your exact kernel stream.<\/p>\n<h3 style=\"color: #0d1f3c; font-size: 22px; line-height: 1.25; margin: 28px 0 12px;\">CloudLinux 7, 7h, 8, 9 and 10<\/h3>\n<p style=\"margin: 0 0 18px;\">CloudLinux customers should follow the official CloudLinux advisory for the exact fixed kernel stream. On stable channels, use the normal package manager first:<\/p>\n<pre style=\"background: #0D1F3C; color: #eaf6ff; padding: 18px 20px; border-radius: 14px; overflow-x: auto; line-height: 1.6;\"><code># CloudLinux 7 \/ 7h \/ 8\r\nyum clean all\r\nyum update 'kernel*'\r\nreboot\r\n\r\n# CloudLinux 9 \/ 10\r\ndnf clean all\r\ndnf update 'kernel*'\r\nreboot<\/code><\/pre>\n<p style=\"margin: 18px 0;\">If CloudLinux has not yet promoted the fixed kernel to your stable repository, CloudLinux may instruct administrators to use a testing repository temporarily. Use testing repositories only when you understand the operational risk or when your security exposure is greater than the risk of early kernel deployment.<\/p>\n<h3 style=\"color: #0d1f3c; font-size: 22px; line-height: 1.25; margin: 28px 0 12px;\">AlmaLinux, Rocky Linux, RHEL-Compatible Systems<\/h3>\n<pre style=\"background: #0D1F3C; color: #eaf6ff; padding: 18px 20px; border-radius: 14px; overflow-x: auto; line-height: 1.6;\"><code>dnf clean all\r\ndnf update kernel kernel-core kernel-modules kernel-modules-core\r\nreboot<\/code><\/pre>\n<p style=\"margin: 18px 0;\">After reboot:<\/p>\n<pre style=\"background: #0D1F3C; color: #eaf6ff; padding: 18px 20px; border-radius: 14px; overflow-x: auto; line-height: 1.6;\"><code>uname -r\r\ndnf updateinfo list security --available<\/code><\/pre>\n<h3 style=\"color: #0d1f3c; font-size: 22px; line-height: 1.25; margin: 28px 0 12px;\">Ubuntu 22.04, Ubuntu 24.04 and Debian<\/h3>\n<pre style=\"background: #0D1F3C; color: #eaf6ff; padding: 18px 20px; border-radius: 14px; overflow-x: auto; line-height: 1.6;\"><code>apt update\r\napt full-upgrade\r\nreboot<\/code><\/pre>\n<p style=\"margin: 18px 0;\">After reboot:<\/p>\n<pre style=\"background: #0D1F3C; color: #eaf6ff; padding: 18px 20px; border-radius: 14px; overflow-x: auto; line-height: 1.6;\"><code>uname -r\r\napt list --upgradable<\/code><\/pre>\n<h3 style=\"color: #0d1f3c; font-size: 22px; line-height: 1.25; margin: 28px 0 12px;\">KernelCare Livepatching<\/h3>\n<p style=\"margin: 0 0 18px;\">If you use KernelCare, apply available livepatches and verify the CVE-level patch list:<\/p>\n<pre style=\"background: #0D1F3C; color: #eaf6ff; padding: 18px 20px; border-radius: 14px; overflow-x: auto; line-height: 1.6;\"><code>kcarectl --update\r\nkcarectl --patch-info | grep -E 'CVE-2026-43499|CVE-2026-53359|CVE-2026-46113'<\/code><\/pre>\n<p style=\"margin: 18px 0;\">If no livepatch exists yet for your kernel stream, install the vendor kernel update and reboot during a maintenance window.<\/p>\n<h2 style=\"color: #0d1f3c; font-size: 28px; line-height: 1.25; margin: 34px 0 14px;\"><i class=\"fas fa-network-wired\" style=\"color: #0099cc;\"><\/i> JanusCape: Review KVM Exposure<\/h2>\n<p style=\"margin: 0 0 18px;\">JanusCape is particularly important for KVM hypervisors and systems exposing <code>\/dev\/kvm<\/code>. If the server does not run virtual machines, reducing the KVM attack surface is a reasonable temporary hardening step while the kernel update is being deployed.<\/p>\n<div style=\"background: #FFF7ED; border: 1px solid #FDBA74; border-radius: 16px; padding: 20px 22px; margin: 24px 0;\">\n<h3 style=\"margin: 0 0 10px; color: #9a3412; font-size: 20px;\"><i class=\"fas fa-exclamation-triangle\" style=\"color: #f97316;\"><\/i> Important<\/h3>\n<p style=\"margin: 0; color: #7c2d12;\">Do not unload or block KVM modules on a server that actively runs virtual machines. Doing so can disrupt virtualization services. For hypervisors, the complete fix is a patched kernel or supported livepatch.<\/p>\n<\/div>\n<p style=\"margin: 0 0 18px;\">Check whether KVM is loaded:<\/p>\n<pre style=\"background: #0D1F3C; color: #eaf6ff; padding: 18px 20px; border-radius: 14px; overflow-x: auto; line-height: 1.6;\"><code>lsmod | grep kvm\r\nls -l \/dev\/kvm<\/code><\/pre>\n<p style=\"margin: 18px 0;\">If the server does not run virtual machines, you may unload KVM modules temporarily:<\/p>\n<pre style=\"background: #0D1F3C; color: #eaf6ff; padding: 18px 20px; border-radius: 14px; overflow-x: auto; line-height: 1.6;\"><code># Intel hosts\r\nmodprobe -r kvm_intel kvm\r\n\r\n# AMD hosts\r\nmodprobe -r kvm_amd kvm\r\n\r\n# Verify\r\nlsmod | grep kvm<\/code><\/pre>\n<p style=\"margin: 18px 0;\">To prevent KVM from loading on boot on non-virtualization servers:<\/p>\n<pre style=\"background: #0D1F3C; color: #eaf6ff; padding: 18px 20px; border-radius: 14px; overflow-x: auto; line-height: 1.6;\"><code>cat &gt; \/etc\/modprobe.d\/disable-kvm.conf &lt;&lt;'EOF'\r\ninstall kvm_intel \/bin\/false\r\ninstall kvm_amd \/bin\/false\r\nEOF<\/code><\/pre>\n<p style=\"margin: 18px 0;\">If the server is a KVM hypervisor, do not disable KVM. You may restrict local access to <code>\/dev\/kvm<\/code>, but this does not protect against a malicious guest-to-host path:<\/p>\n<pre style=\"background: #0D1F3C; color: #eaf6ff; padding: 18px 20px; border-radius: 14px; overflow-x: auto; line-height: 1.6;\"><code>echo 'KERNEL==\"kvm\", GROUP=\"kvm\", MODE=\"0660\"' &gt; \/etc\/udev\/rules.d\/65-kvm.rules\r\nudevadm control --reload-rules\r\nudevadm trigger \/dev\/kvm\r\nls -l \/dev\/kvm<\/code><\/pre>\n<h2 style=\"color: #0d1f3c; font-size: 28px; line-height: 1.25; margin: 34px 0 14px;\"><i class=\"fas fa-shield-alt\" style=\"color: #00d4ff;\"><\/i> Recommended Hardening Checklist<\/h2>\n<ul style=\"margin: 0 0 24px; padding-left: 22px;\">\n<li><strong>Patch the kernel:<\/strong> Use your vendor repositories or approved livepatch provider.<\/li>\n<li><strong>Reboot when required:<\/strong> Installing a new kernel package is not enough if the old kernel is still running.<\/li>\n<li><strong>Verify the active kernel:<\/strong> Always confirm with <code>uname -r<\/code> after reboot.<\/li>\n<li><strong>Review KVM exposure:<\/strong> Check <code>\/dev\/kvm<\/code> permissions and whether KVM modules are loaded.<\/li>\n<li><strong>Limit shell access:<\/strong> Disable unnecessary user shells and remove abandoned accounts.<\/li>\n<li><strong>Update control panels:<\/strong> Keep cPanel, DirectAdmin, Plesk, Virtualmin, aaPanel and related services current.<\/li>\n<li><strong>Update web apps:<\/strong> Compromised CMS sites can provide the local process needed to abuse kernel bugs.<\/li>\n<li><strong>Keep backups current:<\/strong> Maintain off-server backups before emergency patching and reboots.<\/li>\n<li><strong>Monitor logs:<\/strong> Review authentication, kernel, audit, web server and control panel logs after patching.<\/li>\n<\/ul>\n<div class=\"uh-section-divider\" style=\"width: min(100% - 32px, 1080px); margin: 44px auto; display: grid; grid-template-columns: 1fr 32px 1fr; align-items: center; gap: 18px; pointer-events: none;\" aria-hidden=\"true\"><img loading=\"lazy\" decoding=\"async\" style=\"width: 32px; height: 32px; display: block; border-radius: 8px; filter: drop-shadow(0 0 14px rgba(0,212,255,0.30));\" src=\"https:\/\/cdn.underhost.com\/android-chrome-192x192.webp\" alt=\"\" width=\"32\" height=\"32\" \/><\/div>\n<h2 style=\"color: #0d1f3c; font-size: 28px; line-height: 1.25; margin: 34px 0 14px;\"><i class=\"fas fa-database\" style=\"color: #176ea5;\"><\/i> Before You Reboot: Protect Your Data<\/h2>\n<p style=\"margin: 0 0 18px;\">Kernel patching often requires a reboot. Before restarting a production server, confirm that your backups are current and restorable. For database-heavy workloads, gracefully stop or flush services when possible, especially on busy MySQL, MariaDB, PostgreSQL, Redis, mail, or virtualization nodes.<\/p>\n<pre style=\"background: #0D1F3C; color: #eaf6ff; padding: 18px 20px; border-radius: 14px; overflow-x: auto; line-height: 1.6;\"><code># Example checks before reboot\r\nuptime\r\nwho\r\ndf -h\r\nsystemctl --failed\r\nmysqladmin ping 2&gt;\/dev\/null || true<\/code><\/pre>\n<p style=\"margin: 18px 0;\">After reboot, confirm critical services are online:<\/p>\n<pre style=\"background: #0D1F3C; color: #eaf6ff; padding: 18px 20px; border-radius: 14px; overflow-x: auto; line-height: 1.6;\"><code>uname -r\r\nsystemctl --failed\r\nss -tulpn\r\njournalctl -p err -b --no-pager | tail -100<\/code><\/pre>\n<h2 style=\"color: #0d1f3c; font-size: 28px; line-height: 1.25; margin: 34px 0 14px;\"><i class=\"fas fa-globe\" style=\"color: #00d4ff;\"><\/i> Source References<\/h2>\n<p style=\"margin: 0 0 18px;\">Administrators should follow their operating system vendor&#8217;s official advisory for exact fixed package versions. Useful references:<\/p>\n<ul style=\"margin: 0 0 24px; padding-left: 22px;\">\n<li><a href=\"https:\/\/blog.cloudlinux.com\/ghostlock-cve-2026-43499-local-root-exploit-kernel-update-for-cloudlinux\/\" target=\"_blank\" rel=\"noopener\">CloudLinux GhostLock CVE-2026-43499 advisory<\/a><\/li>\n<li><a href=\"https:\/\/blog.cloudlinux.com\/januscape-cve-2026-53359-mitigation-and-kernel-update-on-cloudlinux\/\" target=\"_blank\" rel=\"noopener\">CloudLinux JanusCape CVE-2026-53359 advisory<\/a><\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-53359\" target=\"_blank\" rel=\"noopener\">NVD CVE-2026-53359 entry<\/a><\/li>\n<li><a href=\"https:\/\/www.suse.com\/security\/cve\/CVE-2026-53359.html\" target=\"_blank\" rel=\"noopener\">SUSE CVE-2026-53359 advisory<\/a><\/li>\n<li><a href=\"https:\/\/explore.alas.aws.amazon.com\/CVE-2026-43499.html\" target=\"_blank\" rel=\"noopener\">Amazon Linux CVE-2026-43499 advisory<\/a><\/li>\n<\/ul>\n<div class=\"uh-blog-cta\" style=\"background: linear-gradient(135deg,#0D1F3C 0%,#125A8A 58%,#176EA5 100%); color: #ffffff; padding: 36px 24px; border-radius: 20px; text-align: center; margin: 44px 0; box-shadow: 0 20px 40px -15px rgba(13,31,60,0.32);\">\n<h2 style=\"margin: 0 0 12px; font-size: 28px; line-height: 1.25; color: #ffffff;\">Need Help Securing Your VPS or Dedicated Server?<\/h2>\n<p style=\"font-size: 17px; margin: 0 auto 22px; color: #eaf6ff; max-width: 760px; line-height: 1.7;\">If you are running a self-managed server and want UnderHost to handle kernel updates, security hardening, monitoring, backups, firewall review, malware cleanup, or control panel maintenance, our team can help through UnderManagement.<\/p>\n<p><a style=\"background: linear-gradient(90deg,#00D4FF,#0077FF); color: #ffffff; padding: 13px 28px; border-radius: 10px; text-decoration: none; font-weight: 800; display: inline-block; margin: 8px; box-shadow: 0 6px 18px rgba(0,212,255,0.25);\" href=\"https:\/\/underhost.com\/server-management.php\"><br \/>\nView Server Management<br \/>\n<\/a><br \/>\n<a style=\"background: transparent; color: #ffffff; padding: 12px 28px; border-radius: 10px; text-decoration: none; font-weight: 800; display: inline-block; margin: 8px; border: 1px solid rgba(255,255,255,0.32);\" href=\"https:\/\/customerpanel.ca\/client\/\"><br \/>\nOpen a Support Ticket<br \/>\n<\/a><\/p>\n<\/div>\n<div class=\"uh-faq-section\" style=\"margin: 34px 0;\">\n<h2 style=\"color: #0d1f3c; font-size: 28px; line-height: 1.25; margin: 0 0 18px; border-bottom: 2px solid rgba(0,212,255,0.22); padding-bottom: 10px;\">Frequently Asked Questions<\/h2>\n<div style=\"margin-top: 18px; background: #F8FAFC; padding: 18px 20px; border-radius: 14px; border: 1px solid rgba(23,110,165,0.14);\">\n<h3 style=\"color: #0d1f3c; margin: 0 0 8px; font-size: 19px;\">Are UnderHost shared hosting servers affected?<\/h3>\n<p style=\"margin: 0; color: #1f2937; line-height: 1.7;\">UnderHost has patched all managed shared hosting and reseller hosting servers. Customers on fully managed hosting do not need to perform kernel maintenance themselves.<\/p>\n<\/div>\n<div style=\"margin-top: 18px; background: #F8FAFC; padding: 18px 20px; border-radius: 14px; border: 1px solid rgba(23,110,165,0.14);\">\n<h3 style=\"color: #0d1f3c; margin: 0 0 8px; font-size: 19px;\">Do I need to patch my self-managed VPS?<\/h3>\n<p style=\"margin: 0; color: #1f2937; line-height: 1.7;\">Yes. But only for GhostLock, JanusCape is already patched. If your VPS is self-managed, you are responsible for operating system updates, kernel patches, reboots, firewall configuration, and service verification unless you have purchased a server management plan.<\/p>\n<\/div>\n<div style=\"margin-top: 18px; background: #F8FAFC; padding: 18px 20px; border-radius: 14px; border: 1px solid rgba(23,110,165,0.14);\">\n<h3 style=\"color: #0d1f3c; margin: 0 0 8px; font-size: 19px;\">Is updating packages enough?<\/h3>\n<p style=\"margin: 0; color: #1f2937; line-height: 1.7;\">Not always. Kernel updates usually require a reboot before the fixed kernel is actually running. Always verify with <code>uname -r<\/code> after reboot.<\/p>\n<\/div>\n<div style=\"margin-top: 18px; background: #F8FAFC; padding: 18px 20px; border-radius: 14px; border: 1px solid rgba(23,110,165,0.14);\">\n<h3 style=\"color: #0d1f3c; margin: 0 0 8px; font-size: 19px;\">Can I mitigate GhostLock without patching?<\/h3>\n<p style=\"margin: 0; color: #1f2937; line-height: 1.7;\">There is no practical general runtime mitigation for GhostLock on normal hosting servers. The correct fix is to install a patched kernel or use a livepatch that covers your exact kernel stream.<\/p>\n<\/div>\n<div style=\"margin-top: 18px; background: #F8FAFC; padding: 18px 20px; border-radius: 14px; border: 1px solid rgba(23,110,165,0.14);\">\n<h3 style=\"color: #0d1f3c; margin: 0 0 8px; font-size: 19px;\">Can UnderHost patch my unmanaged server for me?<\/h3>\n<p style=\"margin: 0; color: #1f2937; line-height: 1.7;\">Yes. Open a ticket through <a href=\"https:\/\/customerpanel.ca\/client\/\">@CustomerPanel<\/a> or review our <a href=\"https:\/\/underhost.com\/server-management.php\">Server Management<\/a> service if you want UnderHost to handle operating system patching, hardening, monitoring, backups, and ongoing administration.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Two high-severity Linux kernel vulnerabilities, GhostLock and Januscape, allow local root escalation and VM escape across most major distributions. Here&#8217;s what they do, how to patch a self-managed server, and confirmation that every UnderHost-managed system is already protected.<\/p>\n","protected":false},"author":1,"featured_media":5686,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[61,84,79,25,101,69,100],"tags":[],"class_list":["post-5682","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-almalinux","category-backup-security","category-debian","category-linux","category-server-security","category-support","category-ubuntu"],"_links":{"self":[{"href":"https:\/\/underhost.com\/blog\/wp-json\/wp\/v2\/posts\/5682","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/underhost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/underhost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/underhost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/underhost.com\/blog\/wp-json\/wp\/v2\/comments?post=5682"}],"version-history":[{"count":3,"href":"https:\/\/underhost.com\/blog\/wp-json\/wp\/v2\/posts\/5682\/revisions"}],"predecessor-version":[{"id":5687,"href":"https:\/\/underhost.com\/blog\/wp-json\/wp\/v2\/posts\/5682\/revisions\/5687"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/underhost.com\/blog\/wp-json\/wp\/v2\/media\/5686"}],"wp:attachment":[{"href":"https:\/\/underhost.com\/blog\/wp-json\/wp\/v2\/media?parent=5682"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/underhost.com\/blog\/wp-json\/wp\/v2\/categories?post=5682"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/underhost.com\/blog\/wp-json\/wp\/v2\/tags?post=5682"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}