I used to have Mod_ruid2 + Apache Jailshell enabled and following this Kernel symlink ownership attacks, while Jailshell & mod_ruid2 enabled I'm using the cPanel patched kernel
So currently I have cPanel Patched kernel, mod_ruid2 and jailshell all up and running. The last few days the security advisor showed the Bluhost Patch that is enabled while it dhouldn't be. I contacted my host (Hostgator) and asked them to remove the Bluehost patch and so they did. However the security advisor still shows the respective notice and tells me that the Bluehost patch is active. They opened up a ticket with cpanel describing the situation and here is what we got.
uname -r 2.6.32-6126.96.36.199.cpanel6.x86_64
So what I am asking is the following: Is it a false positive from security advisor and does anybody else experience this?"Based off what I understood from the cPanel technician is that they patched the bluehost patch into the apache rpm. In order for the patch to be used however there does need to be some modifications to the apache configuration files that have not been done. From my understanding this is sort of a false positive from the security advisory. "