An updated cldeploy script, version v1.102, is now available for download from the CloudLinux repository https://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy.
CVE-2023-4863 Security Vulnerability: CloudLinux Takes Action - Mitigation for CloudLinux OS Servers
A critical WebP 0-day security vulnerability, identified as CVE-2023-4863, has been newly discovered. The CloudLinux OS team is actively addressing and mitigating the security issue within our software.
To summarize the impact on different CloudLinux versions:
- CloudLinux 7: No vulnerability found.
- CloudLinux 8: The fixed version is libwebp-1.0.0-8.el8_8.1; please update your OS to this version.
- CloudLinux 9: The fixed version is libwebp-1.2.0-7.el9_2; please update your OS to this version.
We would like to inform you that the rollout of the slot 'cloudlinux-8' featuring 'AccelerateWP with custom panel integration' has been temporarily paused due to identified bugs. Our team is diligently working to address these issues and ensure a smooth experience for all users.
The decision to pause the rollout was made to ensure the stability and functionality of the update. We have identified the following critical issues that prompted the pause:
CVE-2023-20593 (Cross-Process Information Leak on AMD Zenbleed systems) was published in the official security bulletin on July 25th, 2023. Please read this security blog to learn more about this vulnerability.
We are pleased to announce that the issue causing the temporary pausing of the gradual rollout has been successfully resolved. We apologize for any inconvenience this may have caused and appreciate your patience during this period. The following packages, including the necessary fixes, have been released in slot #4:
The 4th slot is paused because of the changes in LVE for cl-MySQL/cl-MariaDB, which were made as part of MYSQL-899. Sometimes, these changes can lead to increased load average (LA) and CPU usage.
An updated cldeploy script, version v1.97, is now available for download from the CloudLinux repository https://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy.
The lve-utils-6.4.10-1 package, with the fix for the latest issue, was released to rollout slot-1. The slot was resumed.
The gradual rollout of slot-1 for the lve-utils-6.4.9-2, lve-wrappers-0.7.9-1, cl-end-server-tools-1.1.13-1, and lvemanager-xray-0.15-1 packages was paused due to a minor bug in getting email messages from cron: