security - CloudLinux Blog

LVE Manager security update
An updated LVE Manager 4.0-14.6 is now available for download from our production repository.

Changelog:
lvemanager-4.0-14.6
- WEB-1057: DirectAdmin LVE Manager Hardening from Rack911

To update, run:
yum update lvemanager

We are grateful to Patrick William from Rack911 for the disclosure of this issue.

LVE-stats security update
A new lve-stats update includes critical vulnerability fixes for the StatsNotifier plugin that were recently discovered by Patrick William from Rack911. It is now available from both our production (package version lve-stats-2.6-9.1) and updates-testing (package version lve-stats-2.7-16.4) repositories. We highly recommend installing this update....

Major vulnerability: The Stack Clash security issue found that affects most Linux kernels
[Last updated Jun 22, 12:05PM PDT] A new major local privilege escalation vulnerability in the Linux kernel was disclosed yesterday, June 19th, 2017 (CVE-2017-1000364). The vulnerability can be exploited to allow an unprivileged local user to gain root access to the server. The Qualys security advisory shows practical methods for circumventing an...
Recent Comments
Igor Seletskiy
Yes, we will notify as it hits production. We just pushed CL7/CL6Hybrid patches to test. If anyone can test by running: kcarectl -...
Tuesday, 20 June 2017 21:08
Igor Seletskiy
CentOS5 is EOL and new patches will not be added.
Wednesday, 21 June 2017 12:07
Igor Seletskiy
CL7 / CL6hybrid is out. CL6 should be added in 6-8 hours.
Wednesday, 21 June 2017 12:08

Major vulnerability CVE-2017-2636 found in Linux kernels that affects many distributions
A new major local privilege escalation vulnerability in the Linux kernel was disclosed on March 7th by Alexander Popov (see CVE-2017-2636). It is a race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 that allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline and ...

Security warning: major vulnerability found in Linux kernels that affects most kernels
A new major local privilege escalation vulnerability in the Linux kernel was disclosed today by Andrey Konovalov (see CVE-2017-6074). It is a memory corruption vulnerability where the same memory location is freed by the kernel twice. The vulnerability can be exploited to escalate privileges and allows an unprivileged local user to gain root access t...
Recent Comments
Igor Seletskiy
yes, it would be. Yet, linux-distro list where such things are disclosed had been dysfunctional and doesn't accept any new members...
Thursday, 23 February 2017 13:06
Igor Seletskiy
It takes much longer to prepare & test the fix for the full kernel.
Friday, 24 February 2017 13:01
Kateryna Obiidykhata
1. Here you can find the announcement about the vulnerability found - http://seclists.org/oss-sec/2017/q1/471 2. Because you have ...
Friday, 24 February 2017 12:47

HardenedPHP - another day, another security fix
Older versions of PHP are like Swiss cheese - they are full of holes. More and more known holes appear with every passing day for PHP version 5.4 and older … holes that no one patches. This is where HardenedPHP comes in - it patches those holes so that your servers can remain secure. On Mar 31, 2016, new versions of PHP were released. With the...
Recent Comments
WisiKlo WisiKlo
No, only alt-php packages have all the hardened PHP fixes. php-5.3.3 tracks RHEL php package.
Sunday, 01 May 2016 01:07

openssl security updates released for CloudLinux
Updated openssl packages that fix two security issues are now available for CloudLinux 5 (openssl-0.9.8e-39.el5_11), CloudLinux 6 (openssl-1.0.1e-42.el6_7.4) and CloudLinux 7 (openssl-1.0.1e-51.el7_2.4).

Changelog:
- CVE-2015-3197 (find details at https://www.redhat.com/security/data/cve/CVE-2015-3197.html)
- CVE-2016-07...

KernelCare protection against Rowhammer privilege escalation
The memory hardware issue "Rowhammer" was recently discovered to allow privilege escalation. The issue can be mitigated (at least in its current form) by preventing users from reading the /proc/$(pid)/pagemap, /proc/kpageflags and /proc/kpagecount files. Yet, this protection is not available from RedHat, CentOS, Parallels. It is not available as part ...

Beta: Better fix for Shellshock bash vulnerability

As the Shellshock vulnerability keeps on giving, we were working on protecting our customers with something more durable than band-aid patches. The problem with Shellshock is that bash allows function imports via environment variables. It tries to parse them, and even execute them. As the bash parser is complex and not bulletproof -- more and more vulner...

update for bash vulnerability CVE-2014-7169

The update fixes bash vulnerability CVE-2014-7169. Updated bash packages are available in all CloudLinux channels. To update your server, please run:

$ yum clean all
$ yum update bash