CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866
Forum
For more information on the latest vulnerability (CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091),
please refer to our blog post
  1. Forums
  2. General
  3. General Discussion
  1. Ariel S.
  2. Friday, 11 January 2019
  3.  Subscribe via email
Are we safe against the recent vulnerabilities with root escalation :
CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866

That affects RedHat 7, and others?

Thanks.
Rate this post:
  1. 11.01.2019 12:01:01
  2. # 1
Vladimir Accepted Answer
Posts: 108
Joined: 04.07.2017
0
Votes
Undo
Hello,

According to this thread:
https://access.redhat.com/security/cve/cve-2018-16865
This issue affects the versions of systemd as shipped with Red Hat Enterprise Linux 7.
We'll import the fix for CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866 into our repositories once RH releases it.
Please stay tuned to our blog to be aware of latest updates: http://cloudlinux.com/blog
  1. 15.01.2019 14:01:48
  2. # 2
Alexander Accepted Answer
Posts: 0
Joined: 16.06.2019
0
Votes
Undo
Patches are now released upstream. See attached errata from RH.
  1. 26.05.2019 17:05:39
  2. # 3
ios man Accepted Answer
Posts: 8
Joined: 26.05.2019
0
Votes
Undo
CVE-2018-16865, and CVE-2018-16866 , , ,

Facing this is from last months, any solution??
  1. 28.05.2019 12:05:31
  2. # 4
Dmitriy Serafin Accepted Answer
Posts: 13
Joined: 03.04.2019
0
Votes
Undo
Hi,
CVE-2018-16865, and CVE-2018-16866

The first CVE is already included in our updates. Unfortunately, the second one, CVE-2018-16866 is still not resolved by the upstream (RHEL). We will release it as soon as the fix becomes available.
  1. 06.06.2019 05:06:54
  2. # 5
Grant Wilson Accepted Answer
Posts: 1
Joined: 05.06.2019
0
Votes
Undo
I've just come across the file about systemd-journald exploit produced by Qualys but can't download it - my antivirus is blocking the process and the message about malware intrusion is appearing.
Is Red Hat Enterprise Linux 8 affected as well?
The file source:
System Down: A systemd-journald Exploit file syndicated to essay cheap journal demonstrates the vulnerabilities
  1. 06.06.2019 17:06:11
  2. # 6
Dmitriy Serafin Accepted Answer
Posts: 13
Joined: 03.04.2019
0
Votes
Undo
Hello Grant,

Not sure that we could help you with the RHEL8, as we don't support that, I'm afraid. Usually, the CVEs are being patched by RHEL, so if you have their OS installed, you should be able to get the latest security updates via usual "yum update".
If you have any security concerns or troubles with updating the packages on your CloudLinux system, please reach out to us here:
https://cloudlinux.zendesk.com/hc/en-us/requests/new
Thanks.
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.