Comment
cPanel has published a new security release, 11.34.1.7, containing Rails and ProFTPd security fixes. We recommend that all affected customers on the CURRENT, RELEASE, and STABLE tiers update to 11.34.1.7 as soon as possible.
This release addresses two major vulnerabilities with Ruby on Rails (CVE-2012-5664 and CVE-2013-0156) which are resolved in Rails 2.3.15, and one with ProFTPd (CVE-2012-6095) which is resolved in ProFTPd 1.3.5rc1.
phpMyAdmin has also been upgraded from 3.5.3 to 3.5.5.
Please note that, for the Rails update, this release provides the new version but does not remove any previous versions. It is therefore of great importance for any customers using software that currently depends on Rails 2.3.14 to ensure that it uses 2.3.15 moving forward in order to avoid remaining vulnerable.
You may check which version(s) of the Rails and Action Pack gems you have installed using the gem list command.
Example:
# gem list | grep -e actionpack -e rails
actionpack (2.3.15)
rails (2.3.15)
(Jan 8) Updated ruby packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Jan 8) Updated freeradius2 packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More…]