Apache vulnerability in 2.4.49
-
Hey there! We're going to be releasing an update tomorrow that will take care of this, and if your server receives automatic updates there is nothing else you need to do on your end. 0 -
I wasn't going to brag! 0 -
I suspected an update would be imminent... Thanks for the info, and well-done on spotting the bug! :cool: 0 -
Are you going to issue an Apache 2.4.50 update for WHM v86.0.40 ? 0 -
I get tons of such requests but the good news is imunify360 is blocking them also lots of "wannabe hackers" who are simply to stupid :) 0 -
Are you going to issue an Apache 2.4.50 update for WHM v86.0.40 ?
Hello, easy apache continues to work on Cpanel 86 ;)0 -
@h4f - Apache updates are independent of the cPanel version. That being said, you should get the machine updated to a supported version of cPanel as there are likely other security issues present. 0 -
@cPRex You wrote " We're going to be releasing an update tomorrow that will take care of this, and if your server receives automatic updates there is nothing else you need to do on your end. " I don't see new Apache being pushed on 86.0.40. 0 -
You won't ever see an Apache update tied to a specific version of cPanel. You can see yearly changelogs for the service here:
So it suggests that you need to recompile on each server Apache yourself and there will not be pushed an update. On second thought: Apache Update 2.4.49 was released on 2021-09-16 because of CVE-2021-40438 and that was pushed automatically to 86.0.40. So the question is still the same, is 86.0.40 going to get 2.4.50 or must admin do everything manually themselves? Did anyone else with latest current version of CPANEL get 2.4.50 or also not yet?0 -
CVE-2021-41773 and 0 -
So it suggests that you need to recompile on each server Apache yourself and there will not be pushed an update. On second thought: Apache Update 2.4.49 was released on 2021-09-16 because of CVE-2021-40438 and that was pushed automatically to 86.0.40. So the question is still the same, is 86.0.40 going to get 2.4.50 or must admin do everything manually themselves? Did anyone else with latest current version of CPANEL get 2.4.50 or also not yet?
Hello, It was just released via Easy apache0 -
Soooo... Im not quite following - it seems that CPRex suggested that a new update was due but it hasnt landed yet? 0 -
As @ciao70 posted, the update is now live as it was released earlier today. What I have been saying is there is no relationship to the cPanel version and to the EasyApache version on the system as Apache and PHP packages are managed directly through their respective RPMs in EasyApache 4. If this were the old EasyApache 3 system, yes, you would have needed to manually recompile Apache and PHP on the server to get the update. Now, with everything being RPM based, this happens automatically as long as your updated are set to automatic. Does that help clear things up? 0 -
I had checked for updates before posting but it seems an update has dropped since then :) After running update my Apache still says 2.4.49 Server Version: Apache/2.4.49 (cPanel) OpenSSL/1.1.1g mod_bwlimited/1.4 Server MPM: prefork Server Built: Sep 29 2021 17:23:18 0 -
Did you run "yum update" on that system? 0 -
No. The post says the system will update automatically. I did run System Update which based on its output does the same thing as yum update which I have run just now... yum update Last metadata expiration check: 2:25:52 ago on Thu 07 Oct 2021 05:36:25 AM AEDT. Dependencies resolved. Nothing to do. Complete! Still on 2.4.49 0 -
The system will update automatically as part of the overnight updates, although a manual "yum update" will work just the same. If you're not seeing the package as part of an update to the system, there's likely some other reason that isn't getting downloaded. You're welcome to submit a ticket to our team so we can check the server, as this is one of those things that should just work. 0 -
Thanks CPRex - Ill open a ticket. 0 -
Could you post the number here so I can follow along? 0 -
Ticket 94370826 0 -
Thanks for that - I'm following along with that now on my end. 0 -
Brian has replied. He ran the same and this time there was an update available... I am now on 2.4.50 It suggests the update was not yet available or not yet on all update servers? thanks for your help. 0 -
Hello, i did run yum update but the only update that appeared was an update to apache module mod_bwlimited so cpanel why on earth are you making this so complicated ?????? httpd -v Server version: Apache/2.4.48 (cPanel) <<-- i don't like this Server built: Aug 19 2021 14:52:05
0 -
Hi, thank you all for your reply. I can confirm with automatic update enabled for WHM 86.0.40 has received httpd -v Server version: Apache/2.4.50 (cPanel) 0 -
G'day rscalover, Hello, i did run yum update but the only update that appeared was an update to apache module mod_bwlimited so cpanel why on earth are you making this so complicated ??????
httpd -v Server version: Apache/2.4.48 (cPanel) <<-- i don't like this Server built: Aug 19 2021 14:52:05
Is it possible you're running CloudLInux for your ea-* updates? The ETA for 100% rollout in that case is October, 13. Alternatively, you can force an immediate update with... yum update ea-* --enablerepo=cloudlinux-ea4-rollout-2-bypass Best regards, LBJ0 -
G'day rscalover, Is it possible you're running CloudLInux for your ea-* updates? The ETA for 100% rollout in that case is October, 13. Alternatively, you can force an immediate update with... yum update ea-* --enablerepo=cloudlinux-ea4-rollout-2-bypass Best regards, LBJ
No my os is centos 7.9 wen i run yum check-update i do see EA4 show up in the list but it says there is no update strange0 -
No my os is centos 7.9 wen i run yum check-update i do see EA4 show up in the list but it says there is no update strange
What output does the following generate... yum list ea-apache24.x* Best regards, LBJ0 -
yum list ea-apache24.x*
Your command produces this outputea-apache24.x86_64 1:2.4.48-5.el7.cloudlinux @imunify360-ea-php-hardened
so i guess i have to wait for imunify0
Please sign in to leave a comment.
Comments
46 comments