Server Software and Configuration Services
New csf v2.67 – Major Security Fix
Changes:Security fix – A major security issue has been found (thanks to Jeff for informing us) in the LF_DIRWATCH code that can lead to arbitrary code being executed in the context of the user running lfd, i.e. root, if that option is enabled and a hacker has access to create a crafted filename in one of the watched directories. This update closes this hole.*ALL INSTALLATIONS SHOULD BE UPGRADED ASAP TO AVOID POTENTIAL EXPLOITATION*You can upgrade csf either through WHM or from the root shell using:
csf -u