I'm running Webhost manager on Ubuntu 20.4 (cpanel's supported version) but I only have the "BlueHost version" to patch this vulnerability. Cloudlinux has several methods, Is there a fix on the way from cPanel for this issue?
The Security Advisor alerted me that my server was vulnerable This is the documentation.
Symlink Race Condition Protection | cPanel & WHM Documentation
Symlink Race Condition Protection | cPanel & WHM Documentation
This is what it says:
The Bluehost patch improves Apache’s ability to detect a race condition. The Bluehost patch modifies Apache and the Apache Portable Runtime (APR) library so that Apache cannot access certain files.
It's my only option to patch it in Web Host Manager. But it says it's not optimal for patching it.
The Bluehost patch improves Apache’s ability to detect a race condition. The Bluehost patch modifies Apache and the Apache Portable Runtime (APR) library so that Apache cannot access certain files.
It's my only option to patch it in Web Host Manager. But it says it's not optimal for patching it.
Security Advisor says this:
Apache Symlink Protection: the Bluehost provided Apache patch is in effect
It appears that the Bluehost provided Apache patch is being used to provide symlink protection. This is less than optimal.
Apache Symlink Protection: the Bluehost provided Apache patch is in effect
It appears that the Bluehost provided Apache patch is being used to provide symlink protection. This is less than optimal.
Hey there! I see you also posted here:
askubuntu.com
Since this is related to Apache, it's really not up to Ubuntu to decide how to handle this.
For an Ubuntu system, the BlueHost patch is the only option currently available. If you feel you need additional protection, it might be worth switching to a Redhat-based operating system. Since the other more exhaustive options are kernel-based, they just aren't available for Ubuntu.
Symlink race condition vulnerability Support for cPanel
How can I fix this issue in WHM/Cpanel with Ubuntu 20.04? The documentation says to use the BlueHost fix but that it's not optimal for fixing the issue. Cloudlinux has several methods to fix it. Th...
askubuntu.com
Since this is related to Apache, it's really not up to Ubuntu to decide how to handle this.
For an Ubuntu system, the BlueHost patch is the only option currently available. If you feel you need additional protection, it might be worth switching to a Redhat-based operating system. Since the other more exhaustive options are kernel-based, they just aren't available for Ubuntu.
