New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
[OpenLiteSpeed] Security Update v1.7.16
EthernetServers
Member, Patron Provider
in General
Important repost from another forum:
OpenLiteSpeed have released an update to v1.7.16 today that includes a security update that is relevant to hosting providers, especially if users are able to create accounts under the /home/ directory.
The local security flaw was found by RACK911 Labs and could lead to a root privilege escalation under certain circumstances.
For some reason, OLS have opted to not include a new version number so the original v1.7.16 from May 15th does NOT include the security update; OLS indicated that the fix was pushed out today in RPM and Debian packages.
I guess as long as you update to v1.7.16 after today, you should be good!
Thanked by 1pbx
