Vulnerability found

B

bcx

Verified User
Joined
Dec 11, 2015
Messages
94
Hello, via the plugin WPVulnerability i get the following email that this software needs to be updated. But i don't get an update in custombuild? Is there a way to force custombuild to check for new updates?

Thank you in advance.

ImageMagick vulnerabilities​

ImageMagick running: 7.1.1.41​

ImageMagick 7.1 < 7.1.1.43​

[+] CVE-2023-5341
[en] A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.

curl vulnerabilities​

curl running: 7.88.1​

curl 7.88 <= 7.88.1​

[+] CVE-2024-8096
[en] When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.
 

MariaDB running: 10.6.20​

MariaDB 10.6 < 10.6.21​

[+] CVE-2025-21490
[en-US] Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

mariadb.org

MariaDB Server - All releases - MariaDB.org

11.7 11.6 11.5 11.4 11.3 11.2 11.1 11.0 10.11 10.10 10.9 10.8 10.7 10.6 10.5 10.4 10.3 10.2 10.1 10.0 Galera 10.0 5.5 Galera 5.5 5.3 5.2 5.1 … Continue reading "MariaDB Server – All releases"
mariadb.org mariadb.org

11.7 latest stable release.

However in my dashboard CustomBuild 2.0 -> Build

it only goes up to
MariaDB10.6.20

Can i see if my custombuild is checking for updates or not.
 
Also Curl:
The most recent stable version is 8.12.1, released on 2025-02-13.
 
bcx said:
The most recent stable version is 8.12.1, released on 2025-02-13.
Click to expand...
Curl is not part of Directadmin updates. DA uses it but it's an OS package and versions differ per OS.
The OS itself takes care that this will be up to date and/or patched if the OS is not EOL. For Almalinux 9 at this moment it's even version 7.76.1.
 
MariaDB is done with DA and will be part of a DA update, don't know when yet, but I'm sure they will read this and update.
 
  • Like
Reactions: bcx
You must log in or register to reply here.
Back
Top