CloudLinux - security - CloudLinux Blog

ea-apache24-2.4.39-1.cloudlinux major security update

A new updated ea-apache24-2.4.39-1.cloudlinux package with the major security fix is now available for download from our production repository.
Changelog:
ea-apache24-2.4.39-1.cloudlinux
EA4D-151: Apache Update: Drop 2.4.38, update to 2.4.39.
You can find full information at the following link: https://httpd.apache.org/security/vulnerabilities_24.htm...

Beta: ea-apache24-2.4.39-1.cloudlinux major security update

A new updated ea-apache24-2.4.39-1.cloudlinux package with the major security fix is now available for download from our updates-testing repository.
Changelog:
ea-apache24-2.4.39-1.cloudlinux
EA4D-151: Apache Update: Drop 2.4.38, update to 2.4.39.
You can find full information at the following link: https://httpd.apache.org/security/vulnerabilities_2...
Recent Comments
Guest — Eric Caldwell
Thanks, this one needs to be fast tracked
Wednesday, 03 April 2019 15:13
Guest — Tommy
Do we need to restart after this? Do future upgrades come from normal channel or do we need to change anything?...
Wednesday, 03 April 2019 16:41
Darya Malyavkina
Hello Tommy! You don't need to restart anything, it happens automatically :-) Usually we release package to stable one week afte...
Wednesday, 03 April 2019 18:26
LVE Manager security update

A new updated LVE Manager 4.0-14.6 is now available for download from our production repository.
Changelog:
lvemanager-4.0-14.6
WEB-1057: DirectAdmin LVE Manager Hardening from Rack911
To update run:
yum update lvemanager
We are grateful to Patrick William from Rack911 for the disclosure of this issue.
Major vulnerability: The Stack Clash security issue found that affects most Linux kernels
[Last updated Jun 22, 12:05PM PDT] A new major local privilege escalation vulnerability in the Linux kernel was disclosed yesterday, June 19th, 2017 (CVE-2017-1000364). The vulnerability can be exploited to allow an unprivileged local user to gain root access to the server. The Qualys security advisory shows practical methods for circumventing an...
Recent Comments
Guest — Patrick Heinz
Hello, where will we be advised when the patch becomes available? Thanks
Tuesday, 20 June 2017 20:00
Igor Seletskiy
Yes, we will notify as it hits production. We just pushed CL7/CL6Hybrid patches to test. If anyone can test by running: kcarectl -...
Tuesday, 20 June 2017 21:08
Guest — Amar
So is there any timeline for older versions like CentOS 5 and RHEL 5 ??
Wednesday, 21 June 2017 05:07
Security warning: major vulnerability found in Linux kernels that affects most kernels
A new major local privilege escalation vulnerability in the Linux kernel was disclosed today by Andrey Konovalov (see CVE-2017-6074). It is a memory corruption vulnerability where the same memory location is freed by the kernel twice. The vulnerability can be exploited to escalate privileges and allows an unprivileged local user to gain root access to ...
Recent Comments
Guest — Michael Denney
It would be Fantastic if CloudLinux and KernelCare would have gotten notified when the major Linux distributions got notified so t...
Thursday, 23 February 2017 04:23
Igor Seletskiy
yes, it would be. Yet, linux-distro list where such things are disclosed had been dysfunctional and doesn't accept any new members...
Thursday, 23 February 2017 13:06
Guest — Jim
It is VERY disappointing that CloudLinux alone (without KernelCare) still has no update, when plain CentOS is already patched and ...
Thursday, 23 February 2017 20:01
HardenedPHP - another day, another security fix

Older versions of PHP are like Swiss cheese - they are full of holes. More and more known holes appear with every passing day for PHP version 5.4 and older … holes that no one patches. This is where HardenedPHP comes in - it patches those holes so that your servers can remain secure. On Mar 31, 2016, new versions of PHP were released. With them...
Recent Comments
Guest — Chris Maxwell
Do the standard PHP packages issued by CloudLinux include the HardenedPHP patches/updates? For example, the package "php-5.3.3-46....
Saturday, 30 April 2016 20:02
WisiKlo WisiKlo
No, only alt-php packages have all the hardened PHP fixes. php-5.3.3 tracks RHEL php package.
Sunday, 01 May 2016 01:07
KernelCare protection against Rowhammer privilege escalation

The memory hardware issue "Rowhammer" was recently discovered to allow privilege escalation. The issue can be mitigated (at least in its current form) by preventing users from reading the /proc/$(pid)/pagemap, /proc/kpageflags, and /proc/kpagecount files. Yet, this protection is not available from Red Hat, CentOS, Parallels. It is not available as part of...

Beta: Better fix for Shellshock bash vulnerability

As the Shellshock vulnerability keeps giving, we were working on protecting our customers with something more durable than band-aid patches. The problem with Shellshock is that bash allows function imports via environment variables. It tries to parse them, and even execute them. As the bash parser is complex and not bulletproof -- more and more vulnera...
Recent Comments
Guest — Petar Petrov
Is this fix cPanel compatible? cPanel uses many bash scripts so can we be absolutely sure that the fix won't break something?...
Tuesday, 30 September 2014 09:16
Guest — Igor Seletskiy
This fix should be cPanel compatible, but it is a beta for a reason -- we cannot fully test cPanel, hence we need clients to try. ...
Wednesday, 01 October 2014 09:07

update for bash vulnerability CVE-2014-7169

The update fixes bash vulnerability CVE-2014-7169. Updated bash packages are available in all CloudLinux channels.
To update your server, please run:
$ yum clean all
$ yum update bash
Recent Comments
Guest — kernow
[QUOTE]The update fixes bash vulnerability CVE-2014-6279[/QUOTE] Don't you mean CVE-2014-7169 ??
Friday, 26 September 2014 07:34
Guest — Igor Seletskiy
sorry, yes. Title was correct, but the message got screwed up by copy & paste ;(
Friday, 26 September 2014 07:40
Guest — Michael Emanuel
Hi Igor, We have kept a close eye on your operating system, due to privacy and security features, and would like to re-migrate mo...
Friday, 26 September 2014 12:21

update for bash remote vulnerability CVE-2014-6271

The bash remote vulnerability CVE-2014-6271 has been fixed, and updated bash packages are available in all CloudLinux channels.
To update your server, please run:
$ yum clean all
$ yum update bash
Recent Comments
Guest — marc
Hi Igor Is bash-4.1.2-15.el6_5.1.x86_64 vulnerable for this here: https://access.redhat.com/security/cve/CVE-2014-7169 A short c...
Thursday, 25 September 2014 07:20
Guest — Steven Craig
Per the OSS list: Is this possible in CL, or does this patch cover everything? So far, HTTP requests to CGI scripts have been ide...
Thursday, 25 September 2014 14:12
Guest — Kieran Eves
Still vulnerable to CVE-2014-7169 as can be seen from the following test command: env var='(){(a)=>\' bash -c "echo vulnerable to ...
Thursday, 25 September 2014 15:56