NOV
21

EasyApache 4 November 21 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4!  Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social …

The post EasyApache 4 November 21 Release first appeared on cPanel Newsroom.
Original author: cPanel
  14 Hits

Copyright

© Cpanel

14 Hits
NOV
16

EasyApache 4 November 16 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4!  Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social …

The post EasyApache 4 November 16 Release first appeared on cPanel Newsroom.
Original author: cPanel
  22 Hits

Copyright

© Cpanel

22 Hits
NOV
15

cPanel TSR-2022-0005 Full Disclosure

SEC-661

Summary

Fix test used by cpsrvd to check for PHP.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 4.1 CVSS3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H

Continue reading
  22 Hits

Copyright

© Cpanel

22 Hits
NOV
14

cPanel TSR-2022-0005 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated this update as having a CVSSv3.1 scores from 3.3 to 9.0.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

Continue reading
  29 Hits

Copyright

© Cpanel

29 Hits
NOV
09

EasyApache 4 November 9 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4!  Take a look at some highlights below, and then join us on the cPanel Community ForumsDiscord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

ea-nodejs16EA-11040: Update ea-nodejs16 from v16.18.0 to v16.18.1(CVE-2022-43548) DNS rebinding in –inspect via invalid octal IP address (Medium)ea-openssl11EA-11035: Update ea-openssl11 from v1.1.1q to v1.1.1sea-nginxEA-10670: Add better guards against bad userdata to configuration scriptEA-11004: Fix Passenger restart failures after rebootea-apache24-mod-passengerEA-11018: Fix Passenger instance registry directory for fresh installsEA-10997: Fix Passenger instance registry directory on Ubuntuea-php74ea-php74-metaEA-11038: Update ea-php74 from v7.4.32 to v7.4.33GD:Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)Hash:Fixed bug #81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454)

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with PHP version 7.4.33 and ea-nodejs16 version 16.18.1. This release addresses vulnerabilities related to CVE-2022-31630, CVE-2022-37454, and CVE-2022-43548. We strongly encourage all PHP 7.4 users to update to version 7.4.33 and all ea-nodejs16 users to update to version 16.18.1.

AFFECTED VERSIONS
All versions of PHP 7.4 through 7.4.32.
All versions of ea-nodejs16 through 16.18.0.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  61 Hits

Copyright

© Cpanel

61 Hits
NOV
02

EasyApache 4 November 2 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4!  Take a look at some highlights below, and then join us on the cPanel Community ForumsDiscord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

ea-nginx-njsEA-11017: Update ea-nginx-njs from v0.7.7 to v0.7.8ea-nginxEA-10977: Fix ‘could not build optimal server_names_hash’ warningsea-php80ea-php80-metaEA-11020: Update ea-php80 from v8.0.24 to v8.0.25GD: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)Hash: buffer overflow in hash_update() on long parameter. (CVE-2022-37454)ea-php81ea-php81-metaEA-11021: Update ea-php81 from v8.1.11 to v8.1.12GD: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)Hash: buffer overflow in hash_update() on long parameter. (CVE-2022-37454)libcurlEA-11016: Update libcurl from v7.85.0 to v7.86.0CVE-2022-32221: POST following PUT confusionCVE-2022-35260: .netrc parser out-of-bounds accessCVE-2022-42915: HTTP proxy double-freeCVE-2022-42916: HSTS bypass via IDN

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with PHP versions 8.1.12 and 8.0.25 and libcurl version 7.86.0. This release addresses vulnerabilities related to CVE-2022-31630, CVE-2022-37454, CVE-2022-32221, CVE-2022-35260, CVE-2022-42915 and CVE-2022-42916. We strongly encourage all PHP 8.1 users to update to version 8.1.12, all PHP 8.0 users to update to version 8.0.25, and all libcurl users to update to version 7.86.0.

AFFECTED VERSIONS
All versions of PHP 8.1 through 8.1.11.
All versions of PHP 8.0 through 8.0.24.
All versions of libcurl through 7.85.0.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  49 Hits

Copyright

© Cpanel

49 Hits
OCT
26

EasyApache October 26 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social …

The post EasyApache October 26 Release first appeared on cPanel Newsroom.
Original author: cPanel
  44 Hits

Copyright

© Cpanel

44 Hits
OCT
19

EasyApache October 19 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels. …

The post EasyApache October 19 Release first appeared on cPanel Newsroom.
Original author: cPanel
  66 Hits

Copyright

© Cpanel

66 Hits
OCT
11

cPanel Unscheduled TSR-2022-0004 Full Disclosure

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. SEC-650 Summary cPanel Visitors UI does not always display direct apache access …

The post cPanel Unscheduled TSR-2022-0004 Full Disclosure first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  83 Hits

Copyright

© Cpanel

83 Hits
OCT
10

cPanel Unscheduled TSR-2022-0004 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated this update as having a CVSSv3.1 score of 5.3.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

Continue reading
  75 Hits

Copyright

© Cpanel

75 Hits
OCT
05

EasyApache October 5 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

ea-php81ea-php81-metaEA-10958: Update ea-php81 from v8.1.10 to v8.1.11phar wrapper: DOS when using quine gzip file. (CVE-2022-31628)Don’t mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629)ea-php80ea-php80-metaEA-10961: Update ea-php80 from v8.0.23 to v8.0.24phar wrapper: DOS when using quine gzip file. (CVE-2022-31628)Don’t mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629) ea-php74ea-php74-metaEA-10957: Update ea-php74 from v7.4.30 to v7.4.32phar wrapper: DOS when using quine gzip file. (CVE-2022-31628)Don’t mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629)ea-apache2-configEA-10947: Use %{local}p to send correct port to splitlogs when piped logging is enabled

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with PHP versions 8.1.11, 8.0.24, and 7.4.32. This release addresses vulnerabilities related to CVE-2022-31628 and CVE-2022-31629. We strongly encourage all PHP 8.21 users to update to version 8.1.11, all PHP 8.0 users to update to version 8.0.24, and all PHP 7.4 users to update to version 7.4.32.

AFFECTED VERSIONS
All versions of PHP 8.1 through 8.1.10.
All versions of PHP 8.0 through 8.0.23.
All versions of PHP 7.4 through 7.4.30.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  77 Hits

Copyright

© Cpanel

77 Hits
OCT
05

cPanel® Version 108 now in EDGE!

We are happy to announce that cPanel Version 108 has now been released to the EDGE tier!  Warning: Due to the dynamic nature of EDGE builds, only use EDGE for testing in a controlled environment. We do not recommend this tier for production servers. This version has only received rudimentary testing. We publish this tier most often (up …

The post cPanel® Version 108 now in EDGE! first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  77 Hits

Copyright

© Cpanel

77 Hits
SEP
30

UPDATE EasyApache September 29 Release

cPanel, L.L.C. has released an update for EasyApache 4. Yesterday evening an issue was discovered in our ea-nginx changes that affected hosts with Service SubDomains disabled. ea-nginx EA-10959: Ensure valid nginx configuration when service subdomains are disabled More InformationInformation about all releases this year can be found in the 2022 EasyApache 4 …

The post UPDATE EasyApache September 29 Release first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  76 Hits

Copyright

© Cpanel

76 Hits
SEP
29

EasyApache September 29 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

ea-apache24-mod-passengerEA-10945: ea-passenger-src was updated from v6.0.14 to v6.0.15ea-apache2-configEA-10935: Account for IPv6 addresses when setting up mod_remoteipEA-10912: Setup mod_remoteip to work with all the server IPs ea-nginxEA-10751: Leave X-Forwarded-Host blank for service subdomainsEA-10671: Calculate ‘server_names_hash_bucket_size’ and ‘server_names_hash_max_size’ at config timeEA-10913:  “no resolver defined” error under a specific circumstance ea-nodejs16EA-10948: Update ea-nodejs16 from v16.17.0 to v16.17.1CVE-2022-32212: DNS rebinding in –inspect on macOS (High)CVE-2022-32213: bypass via obs-fold mechanic (Medium)CVE-2022-35255: Weak randomness in WebCrypto keygenCVE-2022-35256: HTTP Request Smuggling – Incorrect Parsing of Header Fields (Medium)ea-passenger-srcEA-10945: Update ea-passenger-src from v6.0.14 to v6.0.15ea-php80ZC-10260: Link deb against libcurl 4 explicitlyea-php81ZC-10260: Link deb against libcurl 4 explicitly ea-ruby27-passengerEA-10946: Update ea-ruby27-passenger from v6.0.14 to v6.0.15

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with NodeJS version 16.17.1. This release addresses vulnerabilities related to CVE-2022-32212, CVE-2022-32213, CVE-2022-35255, and CVE-2022-35256. We strongly encourage all NodeJS users to update to version 16.17.1.

AFFECTED VERSIONS
All versions of NodeJS through 16.17.0.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  87 Hits

Copyright

© Cpanel

87 Hits
SEP
21

cPanel® Version 106 now in STABLE!

We are happy to announce that cPanel Version 106 has now been released to the STABLE tier!  To fully explore all the changes in Version 106, as well as see detailed information about all cPanel & cPanel WebHost Manager versions, visit the release notes. More Information Our Release site also provides …

The post cPanel® Version 106 now in STABLE! first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  81 Hits

Copyright

© Cpanel

81 Hits
SEP
21

EasyApache September 21 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache September 21 Release first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  90 Hits

Copyright

© Cpanel

90 Hits
SEP
07

EasyApache September 7 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache September 7 Release first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  104 Hits

Copyright

© Cpanel

104 Hits
SEP
01

cPanel® Version 106 now in RELEASE!

We are happy to announce that cPanel Version 106 has now been released to the RELEASE tier!  What’s new in Version 106? So much! Some of the features we’re most excited about include: The ability to customize the Favorites section in WHM by pinning your most-used features. The return of user, …

The post cPanel® Version 106 now in RELEASE! first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  1050 Hits

Copyright

© Cpanel

1050 Hits
AUG
31

EasyApache August 31 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache August 31 Release first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  120 Hits

Copyright

© Cpanel

120 Hits
AUG
24

EasyApache August 24 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache August 24 Release first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  131 Hits

Copyright

© Cpanel

131 Hits
Advertisement