Symptoms
A vulnerability for Log4j was announced in CVE-2021-44228 and you want to ensure your server is secure.
For CVE-2021-45105 and CVE-2021-45046, please see the following articles instead.
Is cPanel Dovecot Solr vulnerable to CVE-2021-45105
ApacheSolr vulnerability CVE-2021-45046 for Log4j
Description
This vulnerability affects the cpanel-dovecot-solr
RPM that is provided by The install_dovecot_fts Script.
No other cPanel-provided packages are affected by this vulnerability and if cpanel-dovecot-solr
is not installed there are no further steps needed.
An internal case for our development team to investigate this further has been filed. For reference, the case number is CPANEL-39455. Follow this article to receive an email notification when a solution is published in the product.
Workaround
The only service provided by the cPanel software bundle that uses the logging utility Log4j is cpanel-dovecot-solr
. If you do not have this installed, then your server is secure. Any new installations of Dovecot_FTS will include the patched RPM by default. You can check if this RPM is installed with the following command.
Example if installed:
# rpm -q cpanel-dovecot-solr
cpanel-dovecot-solr-8.8.2-4.11.1.cpanel.noarch
We have published an update with the mitigation for CVE-2021-44228 to the cpanel-dovecot-solr
RPM in version 8.8.2-4+. This patch will automatically be applied during the nightly updates if this package is installed. You can confirm if your server is patched by using the following command.
Example output of patched RPM:
# rpm -qv --changelog cpanel-dovecot-solr | grep -B1 CPANEL-39455
* Fri Dec 10 2021 Tim Mullin <tim@cpanel.net> - 8.8.2-4.cp1180
- CPANEL-39455: Add mitigation for CVE-2021-44228
If the package is installed and does not show the patch information above, you can perform an update using the following command.
yum update cpanel-dovecot-solr