OpenLiteSpeed have released an update to v1.7.16 today that includes a security update that is relevant to hosting providers, especially if users are able to create accounts under the /home/ directory.
The local security flaw was found by RACK911 Labs and could lead to a root privilege escalation under certain circumstances.
For some reason, OLS have opted to not include a new version number so the original v1.7.16 from May 15th does NOT include the security update; OLS indicated that the fix was pushed out today in RPM and Debian packages.
I guess as long as you update to v1.7.16 after today, you should be good!
Leave a Reply