Update as of Jan 12, 2024:
We would like to inform you that the gradual rollout of the rollout slot-5 was successfully unpaused, and bugfix for incorrect permissions being set for files created by lve-stats was fixed in the version lve-stats #4.2.5-1.
We would like to inform you that the gradual rollout of the rollout slot-5 was paused due to incorrect permissions being set for files created by lve-stats (e.g. /var/lve/info).
A new updated cldeploy script version v1.102 is now available for download from the CloudLinux repository https://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy.
CVE-2023-4863 Security Vulnerability: CloudLinux Takes Action - Mitigation for CloudLinux OS Servers
A newly discovered critical WebP 0-day security vulnerability, identified as CVE-2023-4863, CloudLinux OS team We are actively addressing and mitigating the security issue within our software.
To summarize the impact on different CloudLinux versions:
- CloudLinux 7: No vulnerability found.
- CloudLinux 8: Fixed version is libwebp-1.0.0-8.el8_8.1, please update your OS to this version.
- CloudLinux 9: Fixed version is libwebp-1.2.0-7.el9_2, please update your OS to this version.
CVE-2023-20593 (Cross-Process Information Leak on AMD Zenbleed systems) was published in the official security bulletin on July 25th, 2023. Please read this security blog to learn more about this vulnerability.
Table of content:
We would like to inform you of a scheduled maintenance procedure of CloudLinux OS repositories. On Jul 21st, 2023, from 12:00 pm to 12:05 pm CET, we will be performing essential updates and optimizations to enhance the overall performance and reliability of our services.
We are pleased to announce that the issue causing the temporary pausing of the gradual rollout has been successfully resolved. We apologize for any inconvenience this may have caused and appreciate your patience during this period. The following packages, including the necessary fixes, have been released in slot #4:
The 4th slot is paused because of the changes in LVE for cl-MySQL/cl-MariaDB, which were performed as a MYSQL-899. Sometimes, these changes can lead to increased LA and CPU usage.
A new updated cldeploy script version v1.97 is now available for download from the CloudLinux repository https://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy.
The lve-utils-6.4.10-1 package with the fix for the latest issue was released to the rollout slot-1. The slot was resumed.