Announcement - cPanel security update (Dec 2021)
Dear Valued Clients,
cPanel published an update with the mitigation for CVE-2021-44228 to the cpanel-dovecot-solr RPM.
What is CVE-2021-44228?
A critical vulnerability that’s affecting a Java logging package log4j which is used in a significant amount of software, including Apache, Apple iCloud, Steam, Minecraft, and others.
How to obtaining the Mitigation for CVE-2021-44228?
You can run a cPanel Update which will update the cpanel-dovecot-solr RPM for you:
Alternatively you could update just the cpanel-dovecot-solr RPM via YUM as the root user with the following command:
yum update cpanel-dovecot-solr
If you previously uninstalled cPanel Solr, you may install it again with the steps in this guide
Verifying That You Have The Mitigation In Place
1. Login to the server via SSH or Terminal as the root user
2. Issue the following command:
rpm -q --changelog cpanel-dovecot-solr | grep -B1 CPANEL-39455
If the mitigation has been successfully added to your server you will see the following output:
# rpm -q --changelog cpanel-dovecot-solr | grep -B1 CPANEL-39455
* Fri Dec 10 2021 Tim Mullin <email@example.com> - 8.8.2-4.cp1180
- CPANEL-39455: Add mitigation for CVE-2021-44228
If you need further information and clarification or if you experience difficulties after the updating please contact us via helpdesk firstname.lastname@example.org
Technical Support Department