Apache vulnerability in 2.4.49

itnext

Member
Apr 19, 2021
12
2
3
sydney
cPanel Access Level
Root Administrator
Brian has replied. He ran the same and this time there was an update available...
I am now on 2.4.50
It suggests the update was not yet available or not yet on all update servers?

thanks for your help.
 
  • Like
Reactions: cPRex

rscalover

Well-Known Member
Dec 16, 2010
99
11
58
cPanel Access Level
Root Administrator
Hello,

i did run yum update but the only update that appeared was an update to apache module mod_bwlimited so cpanel why on earth are you making this so complicated ??????

Code:
httpd -v
Server version: Apache/2.4.48 (cPanel) <<-- i don't like this
Server built:   Aug 19 2021 14:52:05
 

h4f

Well-Known Member
Jun 5, 2007
67
1
156
Hi, thank you all for your reply.

I can confirm with automatic update enabled for WHM 86.0.40 has received
httpd -v
Server version: Apache/2.4.50 (cPanel)
 
  • Like
Reactions: cPRex

LBJ

Well-Known Member
Nov 1, 2003
101
16
168
cPanel Access Level
DataCenter Provider
G'day rscalover,

Hello,

i did run yum update but the only update that appeared was an update to apache module mod_bwlimited so cpanel why on earth are you making this so complicated ??????

Code:
httpd -v
Server version: Apache/2.4.48 (cPanel) <<-- i don't like this
Server built:   Aug 19 2021 14:52:05

Is it possible you're running CloudLInux for your ea-* updates?

The ETA for 100% rollout in that case is October, 13.

Alternatively, you can force an immediate update with...

yum update ea-* --enablerepo=cloudlinux-ea4-rollout-2-bypass

Best regards,

LBJ
 
  • Like
Reactions: mtindor

rscalover

Well-Known Member
Dec 16, 2010
99
11
58
cPanel Access Level
Root Administrator
G'day rscalover,




Is it possible you're running CloudLInux for your ea-* updates?

The ETA for 100% rollout in that case is October, 13.

Alternatively, you can force an immediate update with...

yum update ea-* --enablerepo=cloudlinux-ea4-rollout-2-bypass

Best regards,

LBJ
No my os is centos 7.9 wen i run yum check-update i do see EA4 show up in the list but it says there is no update strange
 

LBJ

Well-Known Member
Nov 1, 2003
101
16
168
cPanel Access Level
DataCenter Provider
Your command produces this output
Code:
ea-apache24.x86_64                                                           1:2.4.48-5.el7.cloudlinux                @imunify360-ea-php-hardened
so i guess i have to wait for imunify

Just raise a ticket with CloudLInux to find out how you should handle that with their @imunify repo. They probably have a bypass you can enable in the same way as you can for their normal @cl repo.

The imunify360.com site provides the following link for raising a support ticket...


The CL team usually reply within minutes.

Best regards,

LBJ
 

rscalover

Well-Known Member
Dec 16, 2010
99
11
58
cPanel Access Level
Root Administrator
@rscalover - I'm glad the CloudLinux team was able to help with that. I can't really say what the issue may have been with the CloudLinux side of things, but if you could post your findings here once it is resolved that would be helpful for everyone.
The cloudlinux-rollout repos are for the cloudlinux os i am running centos 7.9 but since i do have imunify360 cloudlinux will release a patch to fix that vulnerability ETA being October 12 to October 17 2021 so the message is wait for the patch which will arrive via the standard update system (Yum).
 

rscalover

Well-Known Member
Dec 16, 2010
99
11
58
cPanel Access Level
Root Administrator
My server received an update
Code:
httpd -v
Server version: Apache/2.4.51 (cPanel) <<---
Server built:   Oct  7 2021 15:12:45
you can check with yum check-update if you didn't receive it yet