Latest Update Impacting Some RHEL / CentOS Servers
A couple weeks ago, Red Hat released a set of patches which now seem to fix the issue. We are also getting confirmed reports that the fix from Red Hat does resolve this. The ultimate cause and fix can be identified in their article here.
- Self-Managed SuperMicro Server (our managed customers need not take any action)
- Motherboard: X11SSL-F
- Processor: E3-12XX v5 Skylake
- Red Hat Enterprise Linux 7, CentOS 7 or CloudLinux 7 Installed
In relation to the recent CVE-2020-0543 that was released and patched on June 10th, 2020, at approximately 9 PM Eastern, we received multiple reports of servers having crashed at the UPCP script for cPanel. At this time, it appears that only the aforementioned hardware configuration with this software is affected, although we are still investigating.
We recommend you do not perform any kernel updates at this time. You can disable automatic updates via command line by following the instruction below (previous instruction via WHM no longer exists in latest versions of cPanel). Feel free to open a support ticket if you would like our assistance with this.
As of version 88, cPanel no longer allows you to disable automatic updates via WHM. This must be done via CLI.
In order to disable automatic updates on your cPanel server:
- SSH to your server or utilize WHM’s “Terminal” application if it is enabled
- Using your favorite text editor (vi, nano) edit /etc/cpupdate.conf
- Change the “daily” setting to “manual” for the RPMUP and UPDATES options
Below is an example of a /etc/cpupdate.conf file with updates disabled:
To confirm that updates are disabled:
- Log into WHM
- Go to ‘Server Configuration’ -> ‘Update Preferences’
- Confirm that the message ‘Warning Automatic updates are disabled for this server. We strongly recommend enabling automatic updates’ displays at the top of the page.
- CVE Info: https://access.redhat.com/security/cve/CVE-2020-0543
- Redhat Security Advisory: https://access.redhat.com/errata/RHSA-2020:2432
Need More Personalized Help?
If you have any further issues, questions, or would like some assistance checking on this or anything else, please reach out to us from your my.hivelocity.net account -> Support and provide your server credentials within the encrypted field for the best possible security and support.
If you are unable to reach your my.hivelocity.net account or if you are on the go, please reach out from your valid my.hivelocity.net account email to us here at: firstname.lastname@example.org. We are also available to you through our phone and live chat system 24/7/365.