Tag: technical-blog

CVE-2023-4863 Security Vulnerability: CloudLinux Takes Action - Mitigation for CloudLinux OS Servers

CL_CVE-2023-4863 Security Vulnerability_V1 copy

A newly discovered critical WebP 0-day security vulnerability, identified as CVE-2023-4863, CloudLinux OS team We are actively addressing and mitigating the security issue within our software. 

 

To summarize the impact on different CloudLinux versions:

  • CloudLinux 7: No vulnerability found.
  • CloudLinux 8: Fixed version is libwebp-1.0.0-8.el8_8.1, please update your OS to this version.
  • CloudLinux 9: Fixed version is libwebp-1.2.0-7.el9_2, please update your OS to this version.

RESOLVED. Temporarily Pausing the Rollout of 'AccelerateWP with Custom Panel Integration' Release"

CL_AWP sopporting control panel_V1 copy-1

We would like to inform you that the rollout of the slot 'cloudlinux-8' featuring 'AccelerateWP with custom panel integration' has been temporarily paused due to identified bugs. Our team is diligently working to address these issues and ensure a smooth experience for all users.

The decision to pause the rollout was made to ensure the stability and functionality of the update. We have identified the following critical issues that prompted the pause:

CloudLinux Takes Action Against Zenbleed Vulnerability: Upcoming Patches

 

CL_zenbleed

CVE-2023-20593 (Cross-Process Information Leak on AMD Zenbleed systems) was published in the official security bulletin  on July 25th, 2023. Please read this security blog to learn more about this vulnerability.


Table of content:

1. Vulnerability description 

2. Mitigation guide for CloudLinux OS

3. Updates as of August 3, 2023 - clarification on OS versions required for mitigation

4. Updates as of August 11, 2023 - update command for CloudLinux OS 7 hybrid added 

 

CloudLinux OS repositories downtime on Jul 21st, 2023 at 12:00 pm to 12:05 pm CET

 

CloudLinux OS repositories downtime
We would like to inform you of a scheduled maintenance procedure of CloudLinux OS repositories. On Jul 21st, 2023, from 12:00 pm to 12:05 pm CET, we will be performing essential updates and optimizations to enhance the overall performance and reliability of our services.

The 4th slot is paused

update

Update from Jun 1st, 2023:
We are pleased to announce that the issue causing the temporary pausing of the gradual rollout has been successfully resolved. We apologize for any inconvenience this may have caused and appreciate your patience during this period. The following packages, including the necessary fixes, have been released in slot #4:
  • cl-MariaDB103-10.3.39-2
  • cl-MariaDB105-10.5.20-3
  • cl-MariaDB106-10.6.13-2


The 4th slot is paused because of the changes in LVE for cl-MySQL/cl-MariaDB, which were performed as a MYSQL-899. Sometimes, these changes can lead to increased LA and CPU usage.

Cldeploy script updated

cldeploy-script

A new updated cldeploy script version v1.97 is now available for download from the CloudLinux repository https://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy.

Gradual rollout for LVE Utils has been resumed

rolloutresumed

The lve-utils-6.4.10-1 package with the fix for the latest issue was released to the rollout slot-1. The slot was resumed.

Gradual rollout for LVE Utils paused

rolloutpaused

The gradual rollout of the rollout slot-1 for the lve-utils-6.4.9-2, lve-wrappers-0.7.9-1, cl-end-server-tools-1.1.13-1, and lvemanager-xray-0.15-1 packages was paused due to a minor bug in getting email messages from cron:

WHMCS plugin 1.3.11 stable is here

WHMS

We are pleased to announce that the new updated WHMCS plugin version 1.3.11 is now available. This latest version embodies further improvements of the product as well as the new features. 

imunify-logo

WEB SERVER SECURITY BLOG

Subscribe to CloudLinux Newsletter