It is generally understood that a server running Linux needs to have a relatively recent kernel version or at least one that has been securely patched to fix any vulnerabilities. For dedicated servers, a kernel upgrade is not big deal; a simple install, reboot and you are done. For a virtual private server, it can differ depending on the technology and method of deployment your provider uses.
On OpenVZ, for example, the virtual OS does not actually use its own kernel. It relies on the host’s kernel. Therefore, upgrading your kernel package will not actually have an effect and might even produce errors. Instead, you can either depend on your hosting provider to update the kernel periodically or you might be able to use some internal method that the host has to update the kernel to latest.
Generally speaking Xen will have the same issues as OpenVZ. You are usually at the mercy of your host’s kernel version. If you find that the kernel is not being updated, you should contact your host to have it done. Apparently, however, there is a way to achieve kernel freedom using a tool called PyGrub.
Because of the nature of VPS, it is important that you choose a host you know will stay on top of security. Like any hosting, a website is only as secure as the server hosting it. While much of the VPS security is in your hands, you still need the help of your host.