CVE-2023-4863 Security Vulnerability: CloudLinux Takes Action - Mitigation for CloudLinux OS Servers
A critical WebP 0-day security vulnerability, identified as CVE-2023-4863, has been newly discovered. The CloudLinux OS team is actively addressing and mitigating the security issue within our software.
To summarize the impact on different CloudLinux versions:
- CloudLinux 7: No vulnerability found.
- CloudLinux 8: Fixed version is libwebp-1.0.0-8.el8_8.1. Please update your OS to this version.
- CloudLinux 9: Fixed version is libwebp-1.2.0-7.el9_2. Please update your OS to this version.
CVE-2023-20593 (Cross-Process Information Leak on AMD Zenbleed systems) was published in the official security bulletin on July 25th, 2023. Please read this security blog to learn more about this vulnerability.
The critical vulnerability CVE-2022-0847 affecting Linux kernels starting from 5.8 has been addressed by CloudLinux.
On December 8, 2020, OpenSSL released an advisory patch for a high-risk null pointer dereference vulnerability found in the encryption library’s GENERAL_NAME_cmp() function. CVE-2020-1971 (the assigned name) is a High-level vulnerability that cannot be ignored. The only level higher is Critical, which happens maybe once in 5 years.