
curl CVE-2023-38545 critical?

Comments

16 comments

  • cPRex Jurassic Moderator
    Hey there! Yes, we are aware and plan to have a release out either on the 11th like the operating systems or shortly after!
  • Mrg
    It is out now. curl - SOCKS5 heap buffer overflow - CVE-2023-38545 seems to have not so much impact on cPanel?
  • cPRex Jurassic Moderator
    We plan to publish fixes on our end tomorrow!
  • maurodf
    Hi cPRex, will this patch be installable even on other versions of cPanel? We are currently on OS: CentOS v7.9.2009, cPanel version: 110.0
  • cPRex Jurassic Moderator
    Since version 110 is the LTS tier, that will receive the patch.
  • maurodf
    Can I do the upgrade even if I have an old DB and old kernel version? MySQL 5.4 as DB. Or do I have to upgrade to MySQL 8 first?
  • cPRex Jurassic Moderator
    This package isn't related to MySQL at all, so you should be fine. The more important issue is your OS and cPanel version, as those are likely far out of date if you are running MySQL 5.4.
  • maurodf
    Yeah, I know. We run a VPS, but I'm not the person in charge of it and I have no experience with this kind of upgrade. I tried the cPanel check for the upgrade and all went fine (for the upgrade to MySQL 8), but I am worried about losing data for all my WordPress sites and don't know how to be sure that everything will be fine. Are there other things I can test to be sure about the update? The thing that scares me the most is the total reset of the VPS if some site doesn't work with the 8.0 version (in the cPanel account there's a message that says that if something doesn't work I have to re-install all of cPanel, then MySQL 5.4, and then back up all the users; this scares me).
  • cPRex Jurassic Moderator
    It's always good to have backups, but if it's just standard WordPress sites, and WordPress itself has been updated, it's unlikely anything bad would happen. WordPress database code is pretty generic and works across all versions.
  • maurodf
    Thank you for the support. If I may, I have another question. In the checker it just gives me a warning about the new version of the password. With 5.7 (I currently have 5.7, not 5.4, sorry for the error) I use mysql_native_password, while the 8.0 version uses caching_sha2_password, and it tells me there may be errors. Also, on some sites I may have utf8mb3 instead of utf8mb4 (which, from what I read, is recommended on MySQL 8). Do I need to do something before the update?
  • cPRex Jurassic Moderator
    Oh, 5.7 makes me feel much better :D. After you upgrade to version 8.0 you'll just get a bunch of warnings in the log file every time the user connects to the database, as outlined here: mysql -e "select * from mysql.user;" | grep native_password
  • maurodf
    You made my life much easier today, thank you very much. Now I can approach the update more relaxed. So I'll update without problem over the weekend and after the update I'll run the command. Thank you very much again! BTW, sorry for the off-topic.
  • wavesource
    Hi there - just checking on progress on this curl exploit and fix. I have govt. clients who are requesting remediation, and I noticed that curl in 114.0.8 is still showing version 7.61.1. Any update as to the release schedule for cPanel with curl 8.4.0? Many thanks for your valuable time.
  • cPRex Jurassic Moderator
    @wavesource - the update was released last week for EasyApache:
  • isolmrg
    Do we have to do manual updates? yum update lists nothing, and yum list installed | grep curl gives: alt-libcurlssl11.x86_64 7.87.0-1.el7 @cloudlinux-rollout-3. phpinfo shows:
    cURL support enabled
    cURL Information 7.87.0
    Age 10
    Are we safe? We are not sure. Do we have to "recompile" EasyApache manually? Many thanks.
  • cPRex Jurassic Moderator
    @isolmrg - no, as long as the server is set to automatic updates, there is nothing you need to do - everything will get updated automatically.
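The questions above ("curl in 114.0.8 is still showing 7.61.1", "alt-libcurlssl 7.87.0, are we safe?") are really one question: does the libcurl version string tell you whether a host is exposed to CVE-2023-38545? The script below is an added example, not code from this thread, cPanel, CloudLinux or the curl project. It assumes the affected range published in the curl advisory (the bug was introduced in 7.69.0 and fixed in 8.4.0, so 7.69.0 through 8.3.0 is affected); under that assumption 7.61.1 predates the bug and is not affected, while 7.87.0 is in range by number. A version number cannot see a distribution backport, so for in-range versions the script reports "possibly-affected" and, on RPM hosts, greps the package changelog for the CVE id, which is where a vendor records a backported fix. The `curl --version` lines used as input are constructed samples modelled on the versions quoted in the thread, not real output.

```shell
#!/bin/sh
# Added example: classify a libcurl version against the CVE-2023-38545 affected range.
# Assumption (from the curl advisory, not from this thread): affected versions are
# 7.69.0 up to and including 8.3.0, fixed in 8.4.0. A version number alone cannot see
# a distribution backport, so the middle verdict is "possibly-affected", not proof.

# Pull the libcurl/X.Y.Z token out of the first line of `curl --version` output.
# libcurl, not the curl binary, is where the SOCKS5 code lives, and the two can differ.
libcurl_version() {
    printf '%s\n' "$1" | sed -n 's/.*libcurl\/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Turn "X.Y.Z" (optionally with a distro suffix such as "-22.el8") into one integer
# X*1000000 + Y*1000 + Z so versions can be compared with -lt / -gt.
ver_num() {
    v=$(printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p')
    [ -n "$v" ] || return 1
    set -- $v
    echo $(( $1 * 1000000 + $2 * 1000 + $3 ))
}

# Verdicts: not-affected (predates the bug), possibly-affected (in range by number),
# fixed (8.4.0 or later), unknown (unparseable string).
cve_2023_38545_status() {
    n=$(ver_num "$1") || { echo unknown; return 0; }
    lo=$(ver_num 7.69.0)
    hi=$(ver_num 8.3.0)
    if [ "$n" -lt "$lo" ]; then
        echo not-affected
    elif [ "$n" -gt "$hi" ]; then
        echo fixed
    else
        echo possibly-affected
    fi
}

# On RPM hosts (RHEL/CentOS/AlmaLinux/CloudLinux) a backported fix is recorded in the
# package changelog; grep it for the CVE id. Prints no-rpm where rpm is absent.
rpm_backport_check() {
    command -v rpm >/dev/null 2>&1 || { echo no-rpm; return 0; }
    if rpm -q --changelog "$1" 2>/dev/null | grep -qi 'CVE-2023-38545'; then
        echo backported
    else
        echo no-mention
    fi
}

# Constructed sample first lines of `curl --version`, modelled on the versions quoted
# in the thread (RHEL 8's 7.61.1, CloudLinux's alt-libcurlssl 7.87.0, upstream 8.4.0).
SAMPLE_RHEL='curl 7.61.1 (x86_64-redhat-linux-gnu) libcurl/7.61.1 OpenSSL/1.1.1k zlib/1.2.11'
SAMPLE_CL='curl 7.87.0 (x86_64-pc-linux-gnu) libcurl/7.87.0 OpenSSL/1.1.1w zlib/1.2.7'
SAMPLE_FIXED='curl 8.4.0 (x86_64-pc-linux-gnu) libcurl/8.4.0 OpenSSL/3.0.11 zlib/1.2.13'

for line in "$SAMPLE_RHEL" "$SAMPLE_CL" "$SAMPLE_FIXED"; do
    v=$(libcurl_version "$line")
    printf 'libcurl %-8s %s\n' "$v" "$(cve_2023_38545_status "$v")"
done

# Live check on this host, if a curl binary is present.
if command -v curl >/dev/null 2>&1; then
    live=$(libcurl_version "$(curl --version 2>/dev/null | head -n 1)")
    printf 'this host: libcurl %s -> %s (rpm changelog: %s)\n' \
        "${live:-?}" "$(cve_2023_38545_status "$live")" "$(rpm_backport_check curl)"
fi
```

The package to pass to `rpm_backport_check` is whichever one actually provides the libcurl that PHP or EasyApache links against (in the CloudLinux case above that is the alt-libcurlssl11 package, not the system curl), so run it against each libcurl build on the host rather than only the system one.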
