The following issues have been resolved:
[-] Users could not access the website folder for managing files of the website if Classic List was selected in Websites & Domains > Domains List Settings. The following error occurred: “Invalid URL was requested”. (PPP-10818)
[-] (Linux) Administrators could not create a backup of the server. The error message about the wrong format of the backup file appeared. (PPP-10804)
[-] The administrator’s interface language switched back to default (English) after visiting the Tools & Settings > Backup Manager > Scheduled Backup Setting screen. (PPP-10784, PPPM-1738)
[-] If users customized their domain PHP settings and then the administrator modified other settings on their subscription, the domain PHP setting changed back to default. (PPP-10744, PPPM-1779)
[-] (Linux) Administrators could not migrate reseller’s subscriptions without migrating the reseller. (PPP-10691, PPPM-1754)
[-] (Windows) On Windows 2012 x64, Plesk administrators could not install a Plesk license key on Plesk inside a Hyper-V virtual machine. The error saying that the license key is invalid occurred.
[-] (Windows) Administrators could not migrate domains with a remote MSSQL database if the MSSQL server was running on any port other than default 1433. (PPP-10800, PPPM-1802)
Posts Tagged key
Keys left unchanged in many Heartbleed replacement certificates!
Although many secure websites reacted promptly to the
Heartbleed bug by patching OpenSSL, replacing their SSL certificates, and revoking the old certificates, some have made the critical mistake of reusing the potentially-compromised private key in the new certificate. Since the Heartbleed bug was announced on 7 April, more than 30,000 affected certificates have been revoked and […]
As the results of CloudFlare’s challenge have demonstrated, a server’s private key can be extracted using the Heartbleed vulnerability. Consequently, the 500,000+ certificates used on web servers supporting TLS heartbeat should be urgently replaced and revoked. Whilst the replacement and revocation process has begun — 80,000 certificates have been revoked since the announcement — it […]
Heartbleed certificate revocation tsunami yet to arrive
Only 30,000 of the 500,000+ SSL certificates affected by the Heartbleed bug have been reissued up until today, and even fewer certificates have been revoked. There has been a noticeable rise in certificate re-issuance since 7 April 2014 Some of the first sites to deploy newly issued certificates in response to the OpenSSL vulnerability included Yahoo, Adobe, […]
I’m pleased to announce the availability of WordPress 3.7 Beta 1. For WordPress 3.7 we decided to shorten the development cycle and focus on a few key improvements. We plan to release the final product in October, and then follow it in December with a jam-packed WordPress 3.8 release, which is already in development. Some […]
(Jul 29) Yarom and Falkner discovered that RSA secret keys could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system. [More…]
Debian: 2731-1: libgcrypt11: information leak
(Jul 29) Yarom and Falkner discovered that RSA secret keys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system. [More…]
The following bugs have been fixed:
[-] Several issues related to the operation of Apache web server were resolved.
[-] Dedicated IIS application pool settings defined in service templates were not propagated to the subscriptions based on those templates.
How certificate revocation (doesn’t) work in practice
Certificate revocation is intended to convey a complete withdrawal of trust in an SSL certificate and thereby protect the people using a site against fraud, eavesdropping, and theft. However, some contemporary browsers handle certificate revocation so carelessly that the most frequent users of a site and even its administrators can continue using an revoked certificate […]
Creating a CSR from WHM is a very simple. A Certificate Signing request, is given to a certificate authority, to issue a signed and verified SSL. The secure socket layer certificate is used on web servers to encrypt data that […] ↓ Read the rest of this entry…
cPanel & WHM Security Releases for 11.32, 11.34, and 11.36
cPanel has published security updates for all supported versions of cPanel & WHM. These updates contain fixes for a problem with the Roundcube webmail application. We recommend all customers update to the latest build of each version as soon as possible. The cPanel Security Team has assigned a rating of …