Arguably, one of the most requested and popular feature requests submitted for cPanel & WHM has been the addition of the NGINX web server as an alternative to Apache. We have good news for those of you who have been asking: NGINX is coming. Note: as NGINX support on cPanel & WHM servers is still experimental, it will not be available in the WHM graphical user interface right away. Be advised that this is a representation of …
Archive for ProdDevSec
Inside the Security Center section of WHM lies a feature that some cPanel & WHM users may not be familiar with. Security Advisor is a feature that, when selected, displays possible security concerns that hosting providers will want to address, as well as a solution to that warning message. The settings that are flagged may be problematic in some configurations but are not something that would be addressed through a cPanel & WHM version …
Reseller’s Guide to ACLs and API Tokens
Several versions ago, we made some monumental changes to the way that the ACLs (access control lists) and APIs behave and the level of access they grant. These improvements allow webhosts to provide more access to resellers while maintaining security for root users and server owners. We want to take this opportunity to highlight the numerous changes that these updates bring. New Reseller Privileges Granted If you are a webhosting provider, you likely sell hosting …
In cPanel & WHM version 76, we implemented a new version of Apache Tomcat® for users that run EasyApache 4. This iteration represents a complete overhaul of our implementation and provides substantial differences from the EasyApache 3 version. The EasyApache 4 implementation of Tomcat configures a private instance for each user. This utilization increases security and allows the user to manage their Tomcat services, but increases memory use on the server. A Glimpse into the Process
Move Over MyDNS and NSD- Here Comes PowerDNS!
One of the useful features that we offer with cPanel & WHM is the ability to run your own DNS server. The nameserver features we have provided in the past have included PowerDNS, MyDNS, BIND, and NSD. With the release of cPanel & WHM Version 78, we are deprecating NSD and MyDNS. New installations of cPanel & WHM version 78 will not allow you to select the NSD or MyDNS nameservers. Our long-term …
The new and improved cPanel & WHM Version 70
It’s been almost two months since we announced the delay of cPanel & WHM Version 70. In that time, we’ve done a whole lot of work. We’re entering brand new territory for us, and Version 70 is at the center of it all. Why the Delay? In late January of this year, we found a performance issue in our backup system that we needed to address before v70 went to the RELEASE tier. Our research revealed …
All versions of Enkompass reached EOL in February 2014. Effective immediately, Enkompass will no longer be available for download, licensing, or indirect support. In accordance with our EOL policy [http://go.cpanel.net/eol], Enkompass will continue to function on servers after it reaches EOL. However, we will not provide further updates (for example, …
Case 109049 Summary Arbitrary file overwrite in /scripts/synccpaddonswithsqlhost. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description The synccpaddonswithsqlhost script performed unsafe file operations inside the home directories of unprivileged users while running with root’s permissions. By manipulating symbolic links within the .cpaddons sub-directory, a …
cPanel Security Team: Bash CVE-2014-6217 and CVE-2014-7169
Bash CVE-2014-6217 and CVE-2014-7169 CVE-2014-6217 is a critical vulnerability in all versions of GNU Bash, the Bourne Again Shell. This vulnerability allows an attacker to execute arbitrary shell commands any time a Bash shell executes with environmental variables supplied by the attacker. On cPanel & WHM systems, there are numerous entry …
cPanel & WHM software version 11.40 will reach End of Life at the end of October 2014. In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.40 will continue functioning on servers after reaching EOL. However, no further updates, such as security fixes and installations, will be provided for 11.40 once it …
SUMMARY cPanel, Inc. has released EasyApache 3.26.4 with mod_perl version 2.0.8. This release fixes bugs related to vulnerability CVE-2013-1667 in the mod_perl2 Apache test suite. AFFECTED VERSIONS All versions of Perl 5.8.2 through 5.16.x SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: …
cPanel TSR-2014-0006 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact …
SUMMARY cPanel, Inc. has released EasyApache 3.26.3 with PHP version 5.5.15, Libxslt version 1.1.28 and Libxml2 version 2.9.1. This release addresses PHP vulnerability CVE-2014-4670 by fixing a bug in the SPL component, CVE-2012-6139 by fixing a bug in Libxslt, and fixes bugs in Libxml2 to address the following CVEs: CVE-2012-5134, …
Case 93317 Summary Limited SQL injection vulnerability in LeechProtect. Security Rating cPanel has assigned a Security Level of Minor to this vulnerability. Description The LeechProtect subsystem built into cPanel & WHM systems allows a website owner to disable HTTP logins for accounts that log in from too many distinct IP …
SUMMARY cPanel, Inc. has released EasyApache 3.26.2 with Apache version 2.4.10. This release addresses Apache vulnerabilities CVE-2014-0117, CVE-2014-0226, CVE-2014-0118, and CVE-2014-0231 by fixing bugs in the mod_proxy, mod_deflate, and mod_cgid modules. We encourage all Apache 2.4 users to upgrade to Apache version 2.4.10. AFFECTED VERSIONS All versions of Apache 2.4 …
We are happy to announce the release of EasyApache 3.26 for cPanel & WHM. EasyApache 3.26 features a redesigned profile page that is easier to use and more informative. EasyApache’s redesigned profile page includes cPanel & WHM’s new Optimal Profiles. The new Optimal Profiles include the recommended versions of PHP …
SUMMARY cPanel, Inc. has released EasyApache 3.24.22 with PHP 5.4.30 and 5.5.14. This release addresses multiple PHP vulnerabilities in the PHP core code and the Fileinfo, Network, and SPL modules. We encourage all PHP users to upgrade to PHP 5.4.30 and PHP 5.5.14. AFFECTED VERSIONS All versions of PHP 5.4 …
6/17/2014 Houston, TX – cPanel, Inc. is thrilled to release cPanel & WHM software version 11.44, which is now available in the RELEASE tier. cPanel & WHM 11.44 offers a transfer and restore renovation, configuration clusters, a new edition of Paper Lantern, support access, and more. Transfer & Restore Renovation …
SUMMARY cPanel, Inc. has released EasyApache 3.24.19 with PHP versions 5.5.13 and 5.4.29. This release addresses the PHP vulnerabilities CVE-2014-0237 and CVE-2014-0238 with fixes to bugs in the fileinfo extension. We encourage all PHP users to upgrade to PHP version 5.5.13 or PHP version 5.4.29. AFFECTED VERSIONS All versions of …
6/3/2014 Houston, TX – cPanel, Inc. is thrilled to release cPanel & WHM software version 11.44, which is now available in the CURRENT tier. cPanel & WHM 11.44 offers a transfer and restore renovation, configuration clusters, a new edition of Paper Lantern, support access, and more. Transfer & Restore Renovation …
TSR-2014-0004 Full Disclosure Case 78301 Summary Correct patch for CVE-2002-1575 in cgiemail. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description cPanel & WHM includes a copy of Bruce Lewis’ cgiemail version 1.6. This version of cgiemail was vulnerable to CVE-2002-1575, allowing remote unauthenticated attackers …
TSR-2014-0004 cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact levels ranging …
SUMMARY cPanel, Inc. has released EasyApache 3.24.18 with PHP versions 5.5.12 and 5.4.28. This release addresses the PHP vulnerability CVE-2014-0185 with the fix to a bug in the FPM package. We encourage all PHP users to upgrade to PHP version 5.5.12 or PHP version 5.4.28. AFFECTED VERSIONS All versions of …
cPanel & WHM software version 11.38 has reached End of Life. In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.38 will continue functioning on servers. The last release of cPanel & WHM 11.38, 11.38.2.23, will remain on our mirrors indefinitely. You may continue using this last release, but no further updates, such …
cPanel Security Team: Heartbleed Vulnerability Heartbleed is a serious vulnerability in OpenSSL 1.0.1 through 1.0.1f. This vulnerability allows an attacker to read 64 kilobyte chunks of memory from servers and clients that connect using SSL through a flaw in OpenSSL’s implementation of the heartbeat extension. What does this …
SUMMARY cPanel, Inc. has released EasyApache 3.24.15 with FCGI version 2.3.9 and PHP versions 5.5.10 and 5.4.27. This release addresses the FCGI vulnerability CVE-2013-4365 with fixes to a possible heap buffer overwrite issue, and the PHP vulnerability CVE-2013-7345 with fixes to bugs in the fileinfo module. We encourage all FCGI …
End of the Road for FrontPage Installations: What to Expect
The end of Microsoft® FrontPage® Extensions installations on cPanel & WHM servers is quickly approaching. FrontPage support has already been removed in EasyApache version 3.24.1 and up, and cPanel & WHM will be FrontPage-free by version 11.46, which is currently slated for a Fall 2014 release. cPanel & WHM version 11.44 (scheduled for a …
cPanel & WHM software version 11.38 will reach End of Life at the end of April 2014. In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.38 will continue functioning on servers after reaching EOL. However, no further updates, such as security fixes and installations, will be provided for 11.38 once it …
Case 85329 Summary Sensitive information disclosed via multiple log files. Security Rating cPanel has assigned a Security Level of Moderate to this vulnerability. Description Several log files on cPanel & WHM systems were created with default world-readable permissions. These log files include both sensitive internal data such as stack traces …