SUMMARY cPanel, Inc. has released EasyApache 3.24.14 with Apache version 2.2.27. This release addresses Apache vulnerabilities CVE-2014-0098 and CVE-2013-6438, by fixing bugs in the mod_log_config and mod_dav modules. We encourage all Apache users to upgrade to Apache version 2.2.27. AFFECTED VERSIONS All versions of Apache version 2.2 before 2.2.27. SECURITY …
Archive for ProdDevSec
cPanel TSR-2014-0003 Notice of Delay in Disclosure
Based on customer feedback, cPanel is extending the time frame between our initial announcement of a Targeted Security Release (TSR) and the disclosure of full details about the contents of the TSR to one week. This change will apply to TSR-2014-0003 and all …
cPanel TSR-2014-0003 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact …
SUMMARY cPanel, Inc. has released EasyApache 3.24.13 with Apache version 2.4.9. This release addresses Apache vulnerabilities CVE-2014-0098 and CVE-2013-6438, by fixing bugs in the mod_log_config and mod_dav modules. We encourage all Apache users to upgrade to Apache version 2.4.9. AFFECTED VERSIONS All versions of Apache version 2.4 before 2.4.9. SECURITY …
3/17/2014 Houston, TX – cPanel, Inc. is thrilled to release cPanel & WHM software version 11.42, which is now available in the STABLE tier. cPanel & WHM version 11.42 offers a brand new theme, an upgrade to Horde Groupware Webmail, and more. Paper Lantern Theme As part of 11.42, cPanel …
SUMMARY cPanel, Inc. has released EasyApache 3.24.12 with PHP versions 5.5.10 and 5.4.26. This release addresses PHP vulnerabilities CVE-2014-1943, CVE-2014-2270, and CVE-2013-7327 by fixing bugs in the Fileinfo and GD modules. We encourage all PHP users to upgrade to PHP versions 5.5.10 and 5.4.26. AFFECTED VERSIONS All versions of PHP …
Since the release of EasyApache 3.24.11, you may have noticed a variation of the following warning message when starting EasyApache: Your server is currently on cPanel & WHM version 11.36.2.12. This version of cPanel & WHM has reached End of Life. cPanel & WHM version 11.36.2.12 will continue to receive …
3/3/2014 Houston, TX – cPanel, Inc. is thrilled to release cPanel & WHM software version 11.42, which is now available in the RELEASE tier. cPanel & WHM version 11.42 offers a brand new theme, an upgrade to Horde Groupware Webmail, and more. Paper Lantern Theme As part of 11.42, cPanel …
cPanel & WHM software version 11.38 will reach End of Life at the end of April 2014. In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.38 will continue functioning on servers after reaching EOL. However, no further updates, such as security fixes and installations, will be provided for 11.38 once it …
cPanel TSR 2014-0002 Full Disclosure Case 89985 Summary Disclosure of cpanel-horde’s MySQL password due to world-readable backups. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description During the upgrade to Horde 5 on 11.42 systems, a backup tarball of the existing Horde configuration files is …
cPanel TSR-2014-0002 Announcement cPanel has released a new build for the 11.42, CURRENT, and EDGE update tiers. This update provides targeted changes to address security concerns with the 11.42 release of the cPanel & WHM product. This build is currently available to all customers via the standard update system. cPanel …
2/10/2014 Houston, TX – cPanel, Inc. has released EasyApache 3.24. This version removes Apache 1.3/2.0, PHP 5.2, and mod_frontpage. As mentioned in Introducing EasyApache’s Optimal Profiles, these End of Life (EOL) items are no longer available in EasyApache. These items have been removed for the following reasons: They are no …
Case 84385 Summary Arbitrary code execution as cpanel-horde user via cache file poisoning. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description The Horde Webmail interfaces accessible to cPanel and Webmail accounts use PHP serialized cache files to speed up some backend operations. By default …
cPanel & WHM software version 11.36 has reached End of Life. In accordance with our EOL policy [http://docs.cpanel.net/twiki/bin/view/AllDocumentation/InstallationGuide/LongTermSupport], 11.36 will continue functioning on servers. The last release of cPanel & WHM 11.36, being 11.36.2.13, will remain on our mirrors indefinitely. You may continue using this last release, but no further updates, …
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact levels ranging from …
EasyApache End of Life Items to be Removed
1/30/2014 Houston, TX – cPanel, Inc. tentatively plans to release EasyApache 3.24 in the very near future. This version will include the removal of Apache 1.3/2.0, PHP 5.2, and mod_frontpage. As mentioned in Introducing EasyApache’s Optimal Profiles, these End of Life items will no longer be available in EasyApache. These …
1/28/2014 Houston, TX – cPanel, Inc. is thrilled to release cPanel & WHM software version 11.42, which is now available in the CURRENT tier. cPanel & WHM version 11.42 offers a brand new theme, an upgrade to Horde Groupware Webmail, and more. Paper Lantern Theme As part of 11.42, cPanel …
Enkompass version 3.0 will reach End of Life in February 2014. In accordance with our EOL policy [go.cpanel.net/eol], Enkompass will continue to function on servers after it reaches EOL. However, we will not provide further updates (for example, security fixes and installations) for Enkompass version 3.0 after it reaches its …
cPanel & WHM software version 11.36 will reach End of Life at the end of January 2014. In accordance with our EOL policy [http://docs.cpanel.net/twiki/bin/view/AllDocumentation/InstallationGuide/LongTermSupport], 11.36 will continue functioning on servers after reaching EOL. However, no further updates, such as security fixes and installations, will be provided for 11.36 once it reaches …
Case 84681 Summary Arbitrary file read for ACL limited reseller accounts via XML-API. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description The WHM XML and JSON APIs allowed arbitrary files to be read through the “getpkginfo” API call. By sending a crafted input to …
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact levels of Important. …
Case 60890 Summary A reseller with limited privileges is allowed to install SSL virtualhosts on arbitrary IPs. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description A reseller account with ACL permission to install SSL certificates could install certificates and matching virtualhosts on IP addresses …