JAN
09

cPanel TSR-2018-0001 Publication Delay

cPanel TSR-2018-0001, originally scheduled for Monday January 15 2018, has been delayed one week and is now scheduled for release on Monday January 22 2018. The full disclosure for this TSR is now scheduled for Tuesday January 23 2018.

Original author: Nick Jackson

Copyright

© Cpanel

DEC
05

EasyApache 2017-12-5 Security Release

SUMMARY
cPanel, Inc. has released updated RPMs for EasyApache 4 on December 5, 2017, with cURL 7.57.0 and a patch for APR 1.5.2. This release addresses vulnerabilities related to CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, and CVE-2017-12613. We strongly encourage all cURL users to upgrade to version 7.57.0 and all APR users to apply the patch.

AFFECTED VERSIONS
All versions of cURL through 7.56.1
All versions of APR through 1.5.2

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2017-8816 – MEDIUM
cURL 7.56.1
Fix buffer overrun flaw related to CVE-2017-8816

CVE-2017-8817 – MEDIUM
cURL 7.56.1
Fix read out of bounds flaw related to CVE-2017-8817

DEC
04

cPanel & WHM Version 68 now in STABLE!

cPanel & WHM Version 68 has now reached the STABLE tier! There are a ton of new features that you may or may not have heard of. Let’s run through some of them!

Restore any single file from your cPanel account backups!

You can now easily restore files from any locally hosted cPanel account backup. We walk you through it in this blog post from last month!

Updated and Expanded API Token and Reseller Permissions

Permissions available for API tokens and resellers have been updated and expanded, to allow you to more granularly control what your users and tokens can do. The full list of updated and added permissions can be found in the cPanel & WHM version 68 release notes.

Potential Spammer Notification!

Spam is one of the hardest things to combat on any web hosting environment. We’re helping make server administrators even more aware of potential abuse on their server with this brand new notification.

New SSL notifications and AutoSSL user controls!

In version 68 we’ve added more communication around SSL and now cPanel users can see domain statuses and even trigger AutoSSL from their SSL/TLS Status interface. Read all about it in this post on the cPanel blog.

DEC
04

cPanel & WHM Version 66 Now EOL

cPanel & WHM version 66 has reached End of Life and will no longer be supported by cPanel except when upgrading to a supported version.

In accordance with our EOL policy (https://go.cpanel.com/longtermsupport), 66 will continue functioning on servers where it is already installed. The last release of cPanel & WHM version 66, 66.0.34, will remain on our mirrors indefinitely. However, no further updates, such as security fixes and installations, will be provided for 66. Older releases of cPanel & WHM 66 will be removed from our mirrors.

We recommend that all customers migrate any existing installations of cPanel & WHM version 66 to the most recent version of cPanel & WHM 68, which you can read about on https://releases.cpanel.com.

If your server setup complicates the process of migrating to a newer version of cPanel & WHM (an upgrade blocker list is available at https://go.cpanel.com/blockers), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.

For the PGP-signed message, see 66 EOL Now – signed.

Original author: benny Vasquez

NOV
21

cPanel TSR-2017-0006 Full Disclosure

SEC-236

Summary

Add ‘ssl’ to the list of reserved usernames.

Security Rating

NOV
20

cPanel TSR-2017-0006 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 2.0 to 8.8.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

NOV
07

EasyApache 2017-11-07 Security Release

SUMMARY
cPanel, Inc. has released updated RPMs for EasyApache 4 on November 7, 2017, with OpenSSL 1.0.2m. This release addresses vulnerabilities related to CVE-2017-3736 and CVE-2017-3735. We strongly encourage all OpenSSL users to upgrade to version 1.0.2m.

AFFECTED VERSIONS
All versions of OpenSSL through 1.0.2l

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2017-3735 – LOW
OpenSSL 1.0.2m
Fix parse error in the IPAddressFamily extension related to CVE-2017-3735

CVE-2017-3736 – MEDIUM
OpenSSL 1.0.2m
Fix carry propagating bug in x86_64 Montgomery squaring procedure related to CVE-2017-3736

NOV
01

cPanel & WHM Version 68 in RELEASE

We are happy to announce that cPanel, Inc. has released cPanel & WHM Version 68 to the RELEASE tier! Below are just a few of the updates included in this version.

New SSL notifications and AutoSSL user controls!

In version 68 we’ve added more communication around SSL and now cPanel users can see domain statuses and even trigger AutoSSL from their SSL/TLS Status interface. Read all about it in this blog post from last week.

Virtuozzo 7 Support

Virtuozzo 7 is a fantastic tool for many of our webhosting providers, and we’re happy to be able to add full support for Virtuozzo 7 to cPanel & WHM’s list of supported platforms.

It’s easier than ever for your clients to find you!

In version 68 cPanel & WHM resellers can now add public contact information, making it easier for their clients to get in contact with them!

More Information

Check out the cPanel Release site to see an overview of the latest features and updates cPanel & WHM has to offer! All of the details about all cPanel & WHM Version 68 features can be found in the Release Notes.

OCT
31

EasyApache 31 October 2017 Security Release

SUMMARY
cPanel, Inc. has updated RPMs for EasyApache 4 with PHP versions 5.6.32, 7.0.25 and 7.1.11, and released EasyApache 3.34.19 with PHP version 5.6.32 on October 31, 2017. This release addresses vulnerabilities related to CVE-2016-1283. We strongly encourage all PHP 5.6 users to upgrade to version 5.6.32, all PHP 7.0 users to upgrade to version 7.0.25, and all PHP 7.1 users to upgrade to version 7.1.11.

AFFECTED VERSIONS
All versions of PHP 5.6 through 5.6.31
All versions of PHP 7.0 through 7.0.24
All versions of PHP 7.1 through 7.1.10

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2016-1283 – HIGH
PHP 5.6.32
Fixed bug in PCRE related to CVE-2016-1283

PHP 7.0.25
Fixed bug in PCRE related to CVE-2016-1283

OCT
31

cPanel & WHM Versions 56 & 60 Now EOL

cPanel & WHM versions 56 & 60 have reached End of Life and will no longer be supported by cPanel except when upgrading to a supported version.

In accordance with our EOL policy (https://go.cpanel.com/longtermsupport), 56 & 60 will continue functioning on servers where they are already installed. The last releases of cPanel & WHM version 56 & 60, 56.0.52 & 60.0.48, will remain on our mirrors indefinitely. However, no further updates, such as security fixes and installations, will be provided for versions 56 & 60. Older releases of cPanel & WHM Versions 56 & 60 will be removed from our mirrors.

We recommend that all customers migrate any existing installations of cPanel & WHM versions 56 & 60 to the most recent version of cPanel & WHM, version 68, which you can read about on https://releases.cpanel.com.

If your server setup complicates the process of migrating to a newer version of cPanel & WHM (an upgrade blocker list is available at https://go.cpanel.com/blockers), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.

For the PGP-signed message, see 56 & 60 EOL Now-Signed.

Original author: benny Vasquez

OCT
20

Researchers warn of new botnet that could take down the internet

Security group Check Point Research claims to have discovered a rapidly growing and evolving botnet which they believe could eventually take down the internet. This botnet consists of millions of internet connected devices, better known as the Internet of Things. They have compared its strength to the now infamous Mirai botnet, but believe it will dwarf Mirai in its speed and growth.

This latest threat has been called the Reaper botnet and makes other attacks look childish. Mirai worked by infecting unsecured devices with default passwords to add them to the botnet. The Reaper works by actively hacking and infiltrating millions of devices around the globe. Wired described it as "the difference between checking for open doors and actively picking locks."

Original author: Spot

Copyright

© Flipboard and its respective authors

OCT
16

EasyApache 2017-10-16 Security Release

SUMMARY
cPanel, Inc. has released updated RPMs for EasyApache 4 on October 16, 2017, with a patch for Passenger. We strongly encourage all Passenger users to update their system to obtain the patch.

AFFECTED VERSIONS
All versions of Passenger

DESCRIPTION

This update patches a vulnerability where a user can list the contents of arbitrary files on the system when Passenger runs as the root user.

SOLUTION
cPanel, Inc. has released updated RPMs for EasyApache 4 on October 16, 2017, with a patch for Passenger. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM’s Run System Update interface.

OCT
16

cPanel & WHM Version 68 in CURRENT

We are happy to announce that cPanel, Inc. has released cPanel & WHM Version 68 to the CURRENT tier! Below are just a few of the updates included in this version.

Restore files from account backups!

In version 68 both cPanel users and WHM users can now restore single files from locally stored account backups.

Updated and Expanded API Token Permissions

Permissions available for API tokens and resellers have been updated and expanded, to allow you to more granularly control what your users and tokens can do.

Potential Spammer Notification!

We’re helping make server administrators even more aware of potential abuse on their server with this brand new notification.

More Information

Check out the cPanel Release site to see an overview of the latest features and updates cPanel & WHM has to offer! All of the details about all cPanel & WHM Version 68 features can be found in the Release Notes.

OCT
03

EasyApache 3 October 2017 Maintenance Release

SUMMARY
cPanel, Inc. has released updated RPMs for EasyApache 4 on October 3, 2017, with Ruby 2.4.2. This release addresses vulnerabilities related to CVE-2017-0898, CVE-2017-10784, CVE-2017-14033, and CVE-2017-14064. We strongly encourage all Ruby users to upgrade to version 2.4.2.

AFFECTED VERSIONS
All versions of RubyGems through 2.4.1

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2017-0898 – HIGH
Ruby 2.4.1
Fix buffer underrun vulnerability in Kernel.sprintf related to CVE-2017-0898

CVE-2017-10784 – MEDIUM
Ruby 2.4.1
Fix escape sequence injection vulnerability related to CVE-2017-10784

SEP
29

cPanel & WHM Version 56 & 60 EOL in 1 Month

This serves as the final advanced notice of versions 56 and 60 reaching End of Life.

cPanel & WHM versions 56 & 60 will reach End of Life at the end of October, 2017, and will no longer be supported by cPanel except when upgrading to a supported version.

In accordance with our EOL policy (https://go.cpanel.com/longtermsupport), 56 & 60 will continue functioning on servers where they are already installed. However, no further updates, such as security fixes and installations, will be provided for 56 & 60 once they reach End of Life.

We recommend that all customers migrate any existing installations of cPanel & WHM version 56 & 60 to the most recent version of cPanel & WHM 66, which you can read about on https://releases.cpanel.com.

If your server setup complicates the process of migrating to a newer version of cPanel & WHM (an upgrade blocker list is available at https://go.cpanel.com/blockers), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.

SEP
20

cPanel & WHM Version 66 hits STABLE

cPanel, Inc. has released cPanel & WHM version 66 to the STABLE tier. Below are a few of the new features in this version.

New Features: cPanel’s WordPress Manager

cPAddons is getting some much-needed developer time, and we have been doing great things for managing WordPress on cPanel servers! Take a look at the blog post that tells you all about it, or read the full release notes.

Other Updates

Increased AutoSSL Control

In Version 66 you can now control which domains are issued SSL certificates by AutoSSL through cPanel’s SSL/TLS Status.

Ruby and Passenger

A brand new EasyApache 4 profile has been added in Version 66 specifically for the new Application Manager. With this new profile installed, we remove the reliance on OS-provided Ruby, giving your users access to a more modern version of Ruby for all of their needs.

More Information

If you haven’t yet, check out the cPanel Release site to see an overview of the latest features and benefits cPanel has to offer! We also talked about these features on the cPanel blog in both the May/June and July Development Updates. Full details about all cPanel & WHM 66 features can be found in the Release Notes.

SEP
20

EasyApache 20 Sept Security Release

*** CORRECTED for date and version number ***

SUMMARY
cPanel, Inc. has released updated RPMs for EasyApache 4 and EasyApache 3.34.17 on September 20, 2017, with patched versions of Apache 2.2 and 2.4 to address the Optionsbleed vulnerability related to CVE-2017-9798. We strongly encourage all Apache 2.2 and 2.4 users to upgrade their system and obtain the patch.

AFFECTED VERSIONS
All versions of Apache 2.4 through 2.4.27
All versions of Apache 2.2 through 2.2.34

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2017-9798 – HIGH

SEP
19

cPanel TSR-2017-0005 Full Disclosure

SEC-276

Summary

SQL injection in eximstats processing.

Security Rating

SEP
18

cPanel TSR-2017-0005 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 2.2 to 7.8.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

SEP
06

EasyApache Sept 6 2017 Maintenance Release

SUMMARY
cPanel, Inc. has released updated RPMs for EasyApache 4 on September 6, 2017, with PHP versions 7.0.23 and 7.1.9 and RubyGems 2.6.13. This release addresses vulnerabilities related to CVE-2017-12932, CVE-2017-0902, CVE-2017-0899, CVE-2017-0900, and CVE-2017-0901. We strongly encourage all PHP 7.0 users to upgrade to version 7.0.23, all PHP 7.1 users to upgrade to version 7.1.9, and all RubyGems users to upgrade to version 2.6.13.

AFFECTED VERSIONS
All versions of PHP 7.0 through 7.0.22
All versions of PHP 7.1 through 7.1.8
All versions of RubyGems through 2.6.12

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2017-12932 – HIGH
PHP 7.0.23
Fixed bug in the standard library related to CVE-2017-12932

PHP 7.1.9
Fixed bug in the standard library related to CVE-2017-12932
