Litespeed Security Update released
Posted by Edward N on 10 July 2015 02:57 AM
An update for LiteSpeed 4 & 5 was just released to address a security vulnerability within OpenSSL (CVE-2015-1793), and it is recommended that you update as soon as possible. This update version is not available through the LiteSpeed plugin interface in cPanel and has to be applied manually. We have updated the servers using LiteSpeed with us.
You can update the version on cPanel servers using a single command:

# /usr/local/lsws/admin/misc/lsup.sh -f -v 5.0.2
# /usr/local/lsws/admin/misc/lsup.sh -f -v 4.2.24

Please get this upgraded ASAP.

Features and changes
=================

LSWS 5.0.2 7-9-2015
Feature improvements and bug fixes
Updated OpenSSL to 1.0.2d to address CVE-2015-1793.
Improved HTTP/2 implementation.
Improved mod_security engine to work better with OWASP core rule set.
Improved compatibility with Plesk 12 control panel.
Fixed a bug in Rewrite engine that may trigger 503 errors by cPanel autoconfig/autodiscover feature.

LSWS 4.2.24 7-9-2015
Feature improvements and bug fixes
Updated OpenSSL to 1.0.1p to address CVE-2015-1793.
Improved mod_security engine to work better with OWASP core rule set.
Improved compatibility with Plesk 12 control panel.
Fixed a bug in Rewrite engine that may trigger 503 errors by cPanel autoconfig/autodiscover feature.
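Before running lsup.sh by hand on a fleet it helps to know which servers are still below the fixed release for their major version. The script below is an added example, not code from the post or from LiteSpeed: it compares the installed version against 5.0.2 (LSWS 5) or 4.2.24 (LSWS 4) and prints the exact lsup.sh command from the post when an update is needed. It assumes the installed version can be read from /usr/local/lsws/VERSION; pass a version string as the first argument to check a value you already have.

```shell
#!/bin/sh
# Added example (not from the original post): decide whether an installed
# LiteSpeed build is already at or past the fixed release for its major
# version (5.0.2 for LSWS 5, 4.2.24 for LSWS 4) and print the lsup.sh
# command from the post when it is not.
# Assumption: the installed version is stored in /usr/local/lsws/VERSION.

# Compare two dotted versions; prints -1, 0 or 1 for a<b, a=b, a>b.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, pa, "[.]"); nb = split(b, pb, "[.]")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? pa[i] + 0 : 0
            y = (i <= nb) ? pb[i] + 0 : 0
            if (x < y) { print -1; exit }
            if (x > y) { print 1; exit }
        }
        print 0
    }'
}

# Fixed release for the major version of the given installed version.
# Returns 1 and prints nothing for a major version the post does not cover.
lsws_fixed_version() {
    case "$1" in
        5.*) echo "5.0.2" ;;
        4.*) echo "4.2.24" ;;
        *)   return 1 ;;
    esac
}

# Exit 0 if the installed version is older than the fixed release
# (update needed), 1 if it is already fixed or the major version is unknown.
lsws_needs_update() {
    fixed=$(lsws_fixed_version "$1") || return 1
    [ "$(vercmp "$1" "$fixed")" -lt 0 ]
}

# Print the lsup.sh command from the post for this version, or a note that
# no update is needed. Without an argument, read the VERSION file.
lsws_update_command() {
    ver="${1:-$(cat /usr/local/lsws/VERSION 2>/dev/null)}"
    if lsws_needs_update "$ver"; then
        echo "/usr/local/lsws/admin/misc/lsup.sh -f -v $(lsws_fixed_version "$ver")"
    else
        echo "no update needed for LSWS $ver"
    fi
}

# When run on a LiteSpeed host, report the command for the live install.
if [ -r /usr/local/lsws/VERSION ]; then
    lsws_update_command
fi
```

The version comparison is numeric per component, so 4.10.0 correctly sorts above 4.9.9; a plain string comparison would get that wrong.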
FREAK: OpenSSL vulnerability (CVE-2015-0204)
Posted by Steve N on 05 March 2015 11:02 PM
In January 2015, Red Hat Product Security addressed the CVE-2015-0204 vulnerability in OpenSSL with this advisory: RHSA-2015-0066. The vulnerability was rated as

Background Information
OpenSSL clients accepted EXPORT-grade (insecure) keys even when the client had not initially asked for them. This could be exploited using a man-in-the-middle attack,

Impact
While the use of EXPORT-grade ciphers is disabled by default in OpenSSL shipped with the latest versions of Red Hat Enterprise Linux (6.6 and 7.0), it can be enabled

The version of OpenSSL shipped with Red Hat Enterprise Linux 5 is also affected. As Red Hat Enterprise Linux 5 is now in the Production 3 phase of the support and

Resolution
To eliminate the possibility of exploitation, install the updated OpenSSL packages that have been made available through this advisory: RHSA-2015-0066. To install the updates, use the yum package manager as follows:

yum update

To only update the OpenSSL package and its dependencies, use:

yum update openssl
You can check for the FREAK vulnerability using the following link: http://www.nagios.com/freak-vulnerability-tester
If you find your server still has this vulnerability, please feel free to contact our support ASAP.
GHOST Vulnerability ( CVE-2015-0235 )
Posted by Steve N on 28 January 2015 11:47 PM
On 27 January 2015, a vulnerability in all versions of the GNU C library (glibc) was announced by Qualys. The issue was a buffer overflow during DNS hostname resolution. Disclosure of this issue was coordinated with the various operating system vendors, and patches were made available by RedHat soon after the initial announcement went out.

Impact
The updated RPMs provided by RedHat, CentOS and CloudLinux should contain a changelog entry with the CVE number. You can check for this changelog entry with the following command:

https://documentation.cpanel.net/display/CKB/CVE-2015-0235+GHOST

We have deployed updates to all servers which have ntServerGuard installed. Servers without ntServerGuard are being patched/updated manually. If you find your server still has this vulnerability, please feel free to contact our support team ASAP.
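The changelog check the GHOST post refers to can be scripted so it also tells you which package version introduced the fix, and the same check answers the FREAK post's question for the openssl package (CVE-2015-0204). The script below is an added example, not code from either post, cPanel or Red Hat: it parses `rpm -q --changelog` output, where each entry starts with a `* <date> <packager> - <version>` header, and reports the oldest entry mentioning the CVE. The sample changelog embedded at the bottom is constructed for illustration; its packager names and versions are not taken from a real package.

```shell
#!/bin/sh
# Added example (not from the original posts): check whether an installed
# package's RPM changelog carries an entry for a given CVE, and print the
# package version that entry belongs to.

# Read `rpm -q --changelog` output on stdin and print the version of the
# oldest entry whose text mentions the CVE id; exit 1 if no entry does.
# Entry headers look like:  * Tue Jan 27 2015 Name <email> - 2.12-1.149.el6_6.5
# Entries are newest first, so the last match seen is the oldest mention.
changelog_cve_entry() {
    awk -v cve="$1" '
        /^\* / { ver = $NF; next }          # new entry: remember its version
        index($0, cve) { found = ver }      # overwrite on each mention
        END { if (found == "") exit 1; print found }'
}

# Same check against the live RPM database: package name, then CVE id.
rpm_changelog_has_cve() {
    rpm -q --changelog "$1" 2>/dev/null | changelog_cve_entry "$2"
}

# Constructed sample changelog in rpm's output format (illustrative only).
sample_glibc_changelog() {
    cat <<'EOF'
* Wed Jan 28 2015 Packager One <one@example.invalid> - 2.12-1.149.el6_6.5
- Rebuild with an unrelated packaging fix (CVE-2015-0235 fix retained).

* Tue Jan 27 2015 Packager One <one@example.invalid> - 2.12-1.149.el6_6.4
- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235).

* Mon Nov 10 2014 Packager Two <two@example.invalid> - 2.12-1.149.el6_6.2
- Unrelated fix.
EOF
}

# On an RPM-based host, check the real glibc package; elsewhere show the
# output format using the constructed sample.
if command -v rpm >/dev/null 2>&1; then
    rpm_changelog_has_cve glibc CVE-2015-0235 \
        && echo "glibc changelog mentions CVE-2015-0235 (fix present)" \
        || echo "glibc changelog has no CVE-2015-0235 entry"
else
    sample_glibc_changelog | changelog_cve_entry CVE-2015-0235
fi
```

For the FREAK advisory the call is `rpm_changelog_has_cve openssl CVE-2015-0204`; an empty result after `yum update openssl` means the installed build predates the fix and the update did not actually apply.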
POODLE - SSLv3 Vulnerability
Posted by Anthony N on 16 October 2014 05:23 PM
POODLE stands for Padding Oracle On Downgraded Legacy Encryption. This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack. Please read more about this at the following URLs:

https://access.redhat.com/node/1232123
http://www.percona.com/blog/2014/10/15/how-to-close-poodle-sslv3-security-flaw-cve-2014-3566/
We have deployed configuration changes to all servers which have ntServerGuard installed to disable SSLv3. Servers without ntServerGuard are being patched manually. If you find your server still has this vulnerability, please feel free to contact our support team ASAP.
UPDATE
* The patched OpenSSL package is released already. For cPanel servers, the package will be updated along with UPCP. We have pushed the update via ntSG already.
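Disabling SSLv3 in Apache comes down to the SSLProtocol directive, and it is easy to miss one vhost file. The script below is an added example, not code from the post or from ntServerGuard: it audits an httpd-style config for SSLProtocol lines that still leave SSLv3 enabled. It assumes the directive semantics of that era's mod_ssl, where `all` includes SSLv3, a missing directive defaults to `all`, `+proto` adds, `-proto` removes, and a bare protocol name replaces the list, with tokens applied left to right. The sample config at the bottom is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find SSLProtocol directives
# that leave SSLv3 enabled. Assumption: mod_ssl semantics where "all"
# includes SSLv3 and an absent directive means "all".
set -f   # protocol tokens never need globbing; keeps "*:443" literal

# Takes the argument string of one SSLProtocol directive.
# Exit 0 if SSLv3 ends up enabled, 1 if not. Tokens apply in order.
sslprotocol_allows_sslv3() {
    enabled=0
    for tok in $(printf '%s' "$1" | tr 'A-Z' 'a-z'); do
        case "$tok" in
            all|+all|sslv3|+sslv3) enabled=1 ;;
            -sslv3|-all)           enabled=0 ;;
            tlsv*)                 enabled=0 ;;   # bare TLS name replaces the list
            *) ;;                                 # +tls/-tls: SSLv3 unaffected
        esac
    done
    [ "$enabled" -eq 1 ]
}

# Read a config on stdin; print each SSLProtocol line that enables SSLv3.
# Exit 0 when SSLv3 is disabled everywhere, 1 when it is enabled anywhere.
audit_sslprotocol() {
    status=0; seen=0; lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        line=${line%%#*}                 # drop comments
        set -- $line                     # split into directive and args
        [ $# -ge 1 ] || continue
        directive=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
        [ "$directive" = "sslprotocol" ] || continue
        seen=1
        shift
        if sslprotocol_allows_sslv3 "$*"; then
            echo "line $lineno: SSLProtocol $* (SSLv3 enabled)"
            status=1
        fi
    done
    if [ "$seen" -eq 0 ]; then
        echo "no SSLProtocol directive found (defaults to all, SSLv3 enabled)"
        status=1
    fi
    return $status
}

# Constructed sample: one vhost still on the pre-POODLE setting.
sample_ssl_conf() {
    cat <<'EOF'
# constructed sample, not a real server's config
<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv2          # pre-POODLE setting: SSLv3 still on
</VirtualHost>
<VirtualHost *:8443>
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3   # corrected setting
</VirtualHost>
<VirtualHost *:9443>
    SSLEngine on
    SSLProtocol TLSv1 TLSv1.1 TLSv1.2
</VirtualHost>
EOF
}

# Usage: sslv3_audit.sh /etc/httpd/conf.d/ssl.conf ; with no file, the
# constructed sample is audited instead.
if [ $# -ge 1 ]; then
    audit_sslprotocol < "$1"
else
    sample_ssl_conf | audit_sslprotocol || echo "sample config still enables SSLv3"
fi
```

Because tokens apply left to right, `SSLProtocol -SSLv3 all` re-enables SSLv3 even though it mentions `-SSLv3`; the audit flags that case, which a plain grep for `-SSLv3` would pass.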
BASH vulnerability in RHEL based systems
Posted by Anthony N on 24 September 2014 10:29 PM
There is a reported vulnerability for BASH on RHEL based distributions. This affects the following versions:

Red Hat Enterprise Linux 4/5/6/7
CentOS 4/5/6/7
Please read more about it at https://access.redhat.com/articles/1200223
We have pushed the patch for this vulnerability to all servers that we directly manage via ntServerGuard. The patch will be applied to all servers with ntServerGuard in the next few hours. For servers running without ntServerGuard, we have pushed updates manually. If you notice BASH is older on your server, please feel free to contact support.
PS :- We are aware that the security flaw is not completely fixed yet. We will keep an eye on it and we will deploy the changes as soon as the update is available.
WHAT WE HAVE DONE TO THIS
===========================
1. Deployed the BASH update to all servers as soon as the initial patch was available.
2. When news was coming out saying it was an incomplete patch, the mod_sec rule recommended by RedHat was deployed via ntServerGuard to prevent exploitation via HTTP.
3. When the complete fix was available, pushed the update via ntServerGuard.
OpenSSL security updates - CVE-2014-0224 and CVE-2014-0221
Posted by Anthony N on 05 June 2014 07:05 PM
There is a security update for OpenSSL, which is marked as critical and recommended to update as soon as possible. You can read more about this at http://www.openssl.org/news/secadv_20140605.txt.

All the servers which come under the Per Server Managed Plan are patched already.

We are now pushing updates to the other managed servers. Please email support[at]nixtree.com if you need to know whether the update has been pushed to your servers already.