Exim is the mail server software cPanel & WHM servers use. Last week an exploit for Exim was identified, and today a patch for the exploit was released. This exploit allowed for both local and remote root-level privilege escalation. That means that you won’t need to be able to access the server as a user to exploit the server, as is the case with most security vulnerabilities that are found. How to Protect Yourself The best …
Posts Tagged CVE
Bash CVE-2014-6217 and CVE-2014-7169 CVE-2014-6217 is a critical vulnerability in all versions of GNU Bash, the Bourne Again Shell.This vulnerability allows an attacker to execute arbitrary shell commands any time a Bash shell executes with environmental variables supplied by the attacker. On cPanel & WHM systems, there are numerous entry …
EasyApache 3.26.4 Released
SUMMARY cPanel, Inc. has released EasyApache 3.26.4 with mod_perl version 2.0.8. This release fixes bugs related to vulnerability CVE-2013-1667 in the mod_perl2 Apache test suite. AFFECTED VERSIONS All versions of Perl 5.8.2 through 5.16.x SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: …
EasyApache 3.26.3 Released
SUMMARY cPanel, Inc. has released EasyApache 3.26.3 with PHP version 5.5.15, Libxslt version 1.1.28 and Libxml2 version 2.9.1. This release addresses PHP vulnerability CVE-2014-4670 by fixing a bug in the SPL component, CVE-2012-6139 by fixing a bug in Libxslt, and fixes bugs in Libxml2 to address the following CVEs: CVE-2012-5134, …
EasyApache 3.26.2 Released
SUMMARY cPanel, Inc. has released EasyApache 3.26.2 with Apache version 2.4.10. This release addresses Apache vulnerabilities CVE-2014-0117, CVE-2014-0226, CVE-2014-0118, and CVE-2014-0231 by fixing bugs in the mod_proxy, mod_deflate, and mod_cgid modules. We encourage all Apache 2.4 users to upgrade to Apache version 2.4.10. AFFECTED VERSIONS All versions of Apache 2.4 …
EasyApache 3.24.22 Released
SUMMARY cPanel, Inc. has released EasyApache 3.24.22 with PHP 5.4.30 and 5.5.14. This release addresses multiple PHP vulnerabilities in the PHP core code and the Fileinfo, Network, and SPL modules. We encourage all PHP users to upgrade to PHP 5.4.30 and PHP 5.5.14. AFFECTED VERSIONS All versions of PHP 5.4 …
EasyApache 3.24.19 Released
SUMMARY cPanel, Inc. has released EasyApache 3.24.19 with PHP versions 5.5.13 and 5.4.29. This release addresses the PHP vulnerabilities CVE-2014-0237 and CVE-2014-0238 with fixes to bugs in the fileinfo extension. We encourage all PHP users to upgrade to PHP version 5.5.13 or PHP version 5.4.29. AFFECTED VERSIONS All versions of …
EasyApache 3.24.18 Released
SUMMARY cPanel, Inc. has released EasyApache 3.24.18 with PHP versions 5.5.12 and 5.4.28. This release addresses the PHP vulnerability CVE-2014-0185 with the fix to a bug in the FPM package. We encourage all PHP users to upgrade to PHP version 5.5.12 or PHP version 5.4.28. AFFECTED VERSIONS All versions of …
cPanel Security Team: Heartbleed Vulnerability Heartbleed is a serious vulnerability in OpenSSL 1.0.1 through 1.0.1f. This vulnerability allows an attacker to read 64 kilobyte chunks of memory from from servers and clients that connect using SSL through a flaw in the OpenSSL’s implementation of the heartbeat extension. What does this …
EasyApache 3.24.15 Released
SUMMARY cPanel, Inc. has released EasyApache 3.24.15 with FCGI version 2.3.9 and PHP versions 5.5.10 and 5.4.27. This release addresses the FCGI vulnerability CVE-2013-4365 with fixes to a possible heap buffer overwrite issue, and the PHP vulnerability CVE-2013-7345 with fixes to bugs in the fileinfo module. We encourage all FCGI …
EasyApache 3.24.14 Released
SUMMARY cPanel, Inc. has released EasyApache 3.24.14 with Apache version 2.2.27. This release addresses Apache vulnerabilities CVE-2014-0098 and CVE-2013-6438, by fixing bugs in the mod_log_config and mod_dav modules. We encourage all Apache users to upgrade to Apache version 2.2.27. AFFECTED VERSIONS All versions of Apache version 2.2 before 2.2.27. SECURITY …
EasyApache 3.24.13 Released
SUMMARY cPanel, Inc. has released EasyApache 3.24.13 with Apache version 2.4.9. This release addresses Apache vulnerabilities CVE-2014-0098 and CVE-2013-6438, by fixing bugs in the mod_log_config and mod_dav modules. We encourage all Apache users to upgrade to Apache version 2.4.9. AFFECTED VERSIONS All versions of Apache version 2.4 before 2.4.9. SECURITY …
EasyApache 3.24.12 Released
SUMMARY cPanel, Inc. has released EasyApache 3.24.12 with PHP versions 5.5.10 and 5.4.26. This release addresses PHP vulnerabilities CVE-2014-1943, CVE-2014-2270, and CVE-2013-7327 by fixing bugs in the Fileinfo and GD modules. We encourage all PHP users to upgrade to PHP versions 5.5.10 and 5.4.26. AFFECTED VERSIONS All versions of PHP …
(Feb 16) Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-6641 [More…]
(Feb 10) Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client: CVE-2013-6477 [More…]
(Jan 23) A regression has been found on the denyhosts packages fixing CVE-2013-6890. This regression could cause an attempted breakin attempt to be missed by denyhosts, which would then fail to enforce a ban. [More…]
(Jan 17) The fix for CVE-2013-4969 contained a regression affecting the default file mode if none is specified on a file resource. The oldstable distribution (squeeze) is not affected by this regression. [More…]
(Jan 17) Multiple security issues have been found in Libvirt, a virtualisation abstraction library: CVE-2013-6458 [More…]
SUMMARY cPanel, Inc. has released EasyApache 3.22.25 with PHP versions 5.3.28, 5.4.23, and 5.5.7. This release addresses PHP vulnerabilities CVE-2013-4073 and CVE-2013-6420 by fixing bugs in the OpenSSL module. We encourage all PHP users to upgrade to PHP versions 5.3.28, 5.4.23, and 5.5.7. AFFECTED VERSIONS All versions of PHP 5.3 …
(Dec 9) Two security issues were found in Samba, a SMB/CIFS file, print, and login server: CVE-2013-4408 [More…]
(Dec 7) Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-6634 [More…]
(Dec 3) Several vulnerabilities have been discovered in OpenJPEG, a JPEG 2000 image library, that may lead to denial of service (CVE-2013-1447) via application crash or high memory consumption, possible code execution through heap buffer overflows (CVE-2013-6045), information disclosure [More…]
(Nov 26) Multiple vulnerabilities were discovered in Quagga, a BGP/OSPF/RIP routing daemon: CVE-2013-2236 [More…]
The following features were added:
[+] (Windows) BIND DNS server was updated to version 9.9.4-P1, CVE-2013-6230 vulnerability is closed.
[+] (Windows) Horde webmail was updated to version 5.1.5, CVE-2013-6275 vulnerability is closed.
The following issues were resolved:
[-] The piped logging feature did not write access_logs for add-on domains and subdomains.
[-] Plesk could not register PHP handlers because of wrong directives in php.ini or if running php -v returned exit code 1. (PPPM-808, PPPM-885)
[-] Chained SSL certificates no longer worked with nginx after upgrade.
[-] During upgrade to Plesk 11.5, the directories of add-on domains were incorrectly relocated in the new structure of virtual hosts.
(Nov 17) Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-2931 [More…]
(Nov 13) Several vulnerabilities have been discovered in the lighttpd web server. CVE-2013-4508 [More…]
(Oct 26) Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-2906 [More…]
(Oct 24) The update of librack-ruby in DSA-2783-1 also addressed CVE-2013-0183. The patch applied breaks rails applications like redmine (see Debian Bug #727187). Updated packages are available to address this problem. [More…]
(Oct 20) Multiple security issues have been discovered in PolarSSL, a lightweight crypto and SSL/TLS library: CVE-2013-4623 [More…]
(Aug 31) Two vulnerabilities were discovered in Cacti, a web interface for graphing of monitoring systems: CVE-2013-5588 [More…]