[OpenLiteSpeed] Security Update v1.7.16

[EthernetServers]

Repost from another forum:

OpenLiteSpeed have released an update to v1.7.16 today that includes a security update that is relevant to hosting providers, especially if users are able to create accounts under the /home/ directory.

The local security flaw was found by RACK911 Labs and could lead to a root privilege escalation under certain circumstances.

For some reason, OLS have opted to not include a new version number so the original v1.7.16 from May 15th does NOT include the security update; OLS indicated that the fix was pushed out today in RPM and Debian packages.

I guess as long as you update to v1.7.16 after today, you should be good!

 

[BillyS]

I am beginning to think OpenLiteSpeed is abandoned. No updates in over a year.