SECURITY ALERT From Thobson regarding Linux vulnerability

We have become aware of a vulnerability in the Sudo component of the Linux operating system which would allow a regular user to gain super user (root) privileges. Our security team is classifying this as a critical vulnerability. The risks are that valid users can exploit the vulnerability to gain unauthorized access rights, or a hacker that compromises any regular user’s login credentials can gain super user privileges.

Patches for CentOS versions 7 and 8, Ubuntu versions 16.04 LTS, 18.04 LTS, and 20.04 LTS, and Debian 9 and 10 are available. Over the next few days, we will be applying the patch to all of our customer’s Virtual Servers that are running these Linux OS versions, on all platforms. The patch can be applied with no downtime. We have tested the patch and do not anticipate any service impact when applying it. There is nothing you need to do if you are running one of these Linux OS versions.

Shared Hosting client are not impacted at all, as they are hosting on our TSNP secure proprietor solutions.

IMPORTANT:

1. Locked down servers – if you have locked down your server to prevent Thobson access, then we cannot apply the patch and your Virtual Server will continue to be at risk. Please contact your Key Account Managers.
   
2. End of Life (EOL) OS Versions - If your Virtual Server is running CentOS 6 or any prior version of CentOS please note that these versions are past End of Life. This means that security patches are not forthcoming from the creators of the OS. In this case your Virtual Server cannot be patched and will remain at risk. We recommend that all of our customers running old versions upgrade to CentOS 7 or the latest Ubuntu or Debian version as appropriate. Please reply to this email if you would like information on how to upgrade to a supported version of Linux.

Windows Virtual Servers are not impacted by this vulnerability.

Thank you.

Security Assessment Team

Thobson Central