MAY
21

cPanel TSR-2018-0003 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 2.2 to 6.5.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.


Copyright

© Cpanel

MAY
08

cPanel & WHM Version 70 in RELEASE!

We are happy to announce that cPanel, Inc. has released cPanel & WHM Version 70 to the RELEASE tier! Below are just a few of the updates included in this version.

Geofilter User Logins

Server Administrators can now drastically increase security with cPHulk’s new “Country Management” interface. By blocking or white-listing logins in the new “Country Management” interface, you can define who is allowed to log in to your cPanel accounts, WHM accounts, and much more.

More details are provided in the Version 70 cPHulk documentation.

Suspend Mail per Email Account

You can now suspend or queue the outgoing mail from a single email account on your server. This feature expands on the options we added in version 54 allowing you to suspend individual email accounts. Read more in the Version 70 Release Notes.

Join the Discussion!

Starting today we have added two more ways for you to interact with us! In addition to IRC, for the next 24 hours you can join us in our Slack and Discord channels.

MAY
01

EasyApache 2018-05-01 Security Release

SUMMARY
cPanel, Inc. has updated RPMs for EasyApache 4 with PHP versions 5.6.36, 7.0.30, 7.1.17, and 7.2.5 and released EasyApache 3.36.4 with PHP 5.6.36 on May 1, 2018. This release addresses vulnerabilities related to CVE-2018-10549, CVE-2018-10548, CVE-2018-10547, and CVE-2018-10546. We strongly encourage all PHP 5.6 users to update to version 5.6.36, PHP 7.0 users to update to version 7.0.30, PHP 7.1 users to update to version 7.1.17, and PHP 7.2 users to update to version 7.2.5.

AFFECTED VERSIONS
All versions of PHP 5.6 through 5.6.35
All versions of PHP 7.0 through 7.0.29
All versions of PHP 7.1 through 7.1.16
All versions of PHP 7.2 through 7.2.4

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2018-10549 – MEDIUM
PHP 5.6.36
Fixed bug in EXIF extensions related to CVE-2018-10549

PHP 7.0.30
Fixed bug in EXIF extensions related to CVE-2018-10549

APR
30

Version 62 EOL 2 months

cPanel & WHM version 62 will reach End of Life at the end of June, 2018, and will no longer be supported by cPanel except when upgrading to a supported version.

In accordance with our EOL policy (https://go.cpanel.net/longtermsupport), 62 will continue functioning on servers where it is already installed. However, no further updates, such as security fixes and installations, will be provided for 62 once it reaches End of Life.

We recommend that all customers migrate any existing installations of cPanel & WHM version 62 to the most recent version of cPanel & WHM 70, which you can read about on https://releases.cpanel.com.

If your server setup complicates the process of migrating to a newer version of cPanel & WHM (an upgrade blocker list is available at https://go.cpanel.net/blockers), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.

For the PGP-signed message, see 62EOL2Months-signed.

Original author: benny Vasquez

APR
03

EasyApache 2018-04-03 Maintenance Release

cPanel, Inc. has updated RPMs for EasyApache 4 with Apache version 2.4.33 and PHP versions 5.6.35, 7.0.29, 7.1.16, and 7.2.4 and released EasyApache 3.36.3 with Apache version 2.4.33 and PHP 5.6.35 on April 3, 2018. This release addresses vulnerabilities related to CVE-2017-15710, CVE-2018-1283, CVE-2018-1303, CVE-2018-1301, CVE-2017-15715, CVE-2018-1312, and CVE-2018-1302. We strongly encourage all Apache 2.4 users to upgrade to version 2.4.33 and all PHP 5.6 users to update to version 5.6.35, PHP 7.0 users to update to version 7.0.29, PHP 7.1 users to update to version 7.1.16, and PHP 7.2 users to update to version 7.2.4.

AFFECTED VERSIONS
All versions of Apache 2.4 through 2.4.29
All versions of PHP 5.6 through 5.6.34
All versions of PHP 7.0 through 7.0.28
All versions of PHP 7.1 through 7.1.15
All versions of PHP 7.2 through 7.2.3

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2018-1301 – MEDIUM
Apache 2.4.33
Fixed bug in core related to CVE-2018-1301

CVE-2018-1302 – MEDIUM
Apache 2.4.33
Fixed bug in mod_http2 related to CVE-2018-1302

MAR
20

cPanel TSR-2018-0002 Full Disclosure

SEC-338

Summary

Arbitrary file chmod during legacy incremental backups.

Security Rating

MAR
19

cPanel TSR-2018-0002 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 3.8 to 8.2.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

MAR
06

EasyApache 03-06-2018 Security Release

SUMMARY
cPanel, Inc. has released updated RPMs for EasyApache 4 on Mar 06, 2018, with PHP versions 5.6.34, 7.0.28, 7.1.15, and 7.2.3. This release addresses vulnerabilities related to CVE-2018-7584. We strongly encourage all PHP 5.6 users to upgrade to version 5.6.34, all PHP 7.0 users to upgrade to 7.0.28, PHP 7.1 users to upgrade to version 7.1.15, and all PHP 7.2 users to upgrade to version 7.2.3.

AFFECTED VERSIONS
All versions of PHP 5.6 through version 5.6.33
All versions of PHP 7.0 through version 7.0.27
All versions of PHP 7.1 through version 7.1.14
All versions of PHP 7.2 through version 7.2.2

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2018-7584 – MEDIUM
PHP 5.6.34
Fixed bug in http_fopen_wrapper.c related to CVE-2018-7584
PHP 7.0.28
Fixed bug in http_fopen_wrapper.c related to CVE-2018-7584
PHP 7.1.15
Fixed bug in http_fopen_wrapper.c related to CVE-2018-7584
PHP 7.2.3
Fixed bug in http_fopen_wrapper.c related to CVE-2018-7584

SOLUTION
cPanel, Inc. has released updated RPMs for EasyApache 4 on Mar 06, 2018, with updated versions of PHP 5.6.34, 7.0.28, 7.1.15, and 7.2.3. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM’s Run System Update interface.

MAR
05

Version 70 delayed to mid-April

Version 70’s promotion to the RELEASE tier has been delayed and is now tentatively planned for mid-April, 2018. This delay gives us time to address some performance concerns we have uncovered in our testing that may cause problems on high-capacity systems.

Version 72 will be promoted to the EDGE tier after version 70 is promoted to the RELEASE tier. We aren’t currently anticipating a delay in releasing version 72.

More Information

Check out the cPanel Release site to see an overview of the latest features and updates cPanel & WHM has to offer! All of the details about all cPanel & WHM Version 70 features can be found in the Release Notes http://go.cpanel.net/releasenotes.

Original author: benny Vasquez

FEB
12

Support for cPanel & WHM Version 62 extended to June, 2018

Support for the current LTS (Long Term Support) version, cPanel & WHM Version 62, has been extended to June 30th, 2018. This extension is a one-time extension and has been granted to help ease the scheduling pressure caused by security flaws in the kernel of many servers that use cPanel & WHM.

Support is not extended for any other Version, and Version 70 will still be the only new cPanel & WHM version to enter the LTS tier in 2018.

As of June 30th, 2018, Version 62 will no longer be supported by cPanel except when upgrading to a supported version.

In accordance with our EOL policy (https://go.cpanel.com/longtermsupport), 62 will continue functioning on servers where it is already installed. However, no further updates, including security fixes and installations, will be provided for 62 once it reaches End of Life.

The next LTS version of cPanel & WHM, version 70, is in the CURRENT tier. We anticipate version 70 entering the STABLE tier in early- to mid-March.

JAN
25

EasyApache 2018-01-25 Security Release

SUMMARY
cPanel, Inc. has updated RPMs for EasyApache 4 with cURL version 7.58.0 on January 25, 2018. This release addresses vulnerabilities related to CVE-2018-1000007. We strongly encourage cURL users to upgrade to version 7.58.0.

AFFECTED VERSIONS
All versions of cURL through 7.57.0

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2018-1000007 – MEDIUM
cURL 7.58.0
Fixed bug in authorization: headers related to CVE-2018-1000007

SOLUTION
cPanel, Inc. has released updated RPMs for EasyApache 4 on January 25, 2018, with an updated version of cURL 7.58.0. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM’s Run System Update interface.

JAN
23

cPanel TSR-2018-0001 Full Disclosure

SEC-308

Summary

SRS secret revealed in exim.conf.

Security Rating

JAN
22

cPanel TSR-2018-0001 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 2.2 to 6.5.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

JAN
09

EasyApache 2018-01-09 Maintenance Release

SUMMARY
cPanel, Inc. has updated RPMs for EasyApache 4 with PHP versions 5.6.33, 7.0.27, 7.1.13, and 7.2.1 and released EasyApache 3.34.20 with PHP version 5.6.33 on January 9, 2018. This release addresses vulnerabilities related to CVE-2015-8866. We strongly encourage all PHP 5.6 users to upgrade to version 5.6.33, all PHP 7.0 users to upgrade to version 7.0.27, all PHP 7.1 users to upgrade to version 7.1.13, and all PHP 7.2 users to upgrade to version 7.2.1.

AFFECTED VERSIONS
All versions of PHP 5.6 through 5.6.32
All versions of PHP 7.0 through 7.0.26
All versions of PHP 7.1 through 7.1.12
All versions of PHP 7.2 through 7.2.0

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2015-8866 – HIGH
PHP 7.0.27
Fixed bug in LibXML related to CVE-2015-8866

PHP 7.1.13
Fixed bug in LibXML related to CVE-2015-8866

JAN
09

cPanel TSR-2018-0001 Publication Delay

cPanel TSR-2018-0001, originally scheduled for Monday January 15 2018, has been delayed one week and is now scheduled for release on Monday January 22 2018. The full disclosure for this TSR is now scheduled for Tuesday January 23 2018.

Original author: Nick Jackson

DEC
05

EasyApache 2017-12-5 Security Release

SUMMARY
cPanel, Inc. has released updated RPMs for EasyApache 4 on December 5, 2017, with cURL 7.57.0 and a patch for APR 1.5.2. This release addresses vulnerabilities related to CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, and CVE-2017-12613. We strongly encourage all cURL users to upgrade to version 7.57.0 and all APR users to apply the patch.

AFFECTED VERSIONS
All versions of cURL through 7.56.1
All versions of APR through 1.5.2

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2017-8816 – MEDIUM
cURL 7.56.1
Fix buffer overrun flaw related to CVE-2017-8816

CVE-2017-8817 – MEDIUM
cURL 7.56.1
Fix read out of bounds flaw related to CVE-2017-8817

DEC
04

cPanel & WHM Version 68 now in STABLE!

cPanel & WHM Version 68 has now reached the STABLE tier! There are a ton of new features that you may or may not have heard of. Let’s run through some of them!

Restore any single file from your cPanel account backups!

You can now easily restore files from any locally hosted cPanel account backup. We walk you through it in this blog post from last month!

Updated and Expanded API Token and Reseller Permissions

Permissions available for API tokens and resellers have been updated and expanded, to allow you to more granularly control what your users and tokens can do. The full list of updated and added permissions can be found in the cPanel & WHM version 68 release notes.

Potential Spammer Notification!

Spam is one of the hardest things to combat on any web hosting environment. We’re helping make server administrators even more aware of potential abuse on their server with this brand new notification.

New SSL notifications and AutoSSL user controls!

In version 68 we’ve added more communication around SSL and now cPanel users can see domain statuses and even trigger AutoSSL from their SSL/TLS Status interface. Read all about it in this post on the cPanel blog.

DEC
04

cPanel & WHM Version 66 Now EOL

cPanel & WHM version 66 has reached End of Life and will no longer be supported by cPanel except when upgrading to a supported version.

In accordance with our EOL policy (https://go.cpanel.com/longtermsupport), 66 will continue functioning on servers where it is already installed. The last release of cPanel & WHM version 66, 66.0.34, will remain on our mirrors indefinitely. However, no further updates, such as security fixes and installations, will be provided for 66. Older releases of cPanel & WHM 66 will be removed from our mirrors.

We recommend that all customers migrate any existing installations of cPanel & WHM version 66 to the most recent version of cPanel & WHM 68, which you can read about on https://releases.cpanel.com.

If your server setup complicates the process of migrating to a newer version of cPanel & WHM (an upgrade blocker list is available at https://go.cpanel.com/blockers), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.

For the PGP-signed message, see 66 EOL Now – signed.

Original author: benny Vasquez

NOV
21

cPanel TSR-2017-0006 Full Disclosure

SEC-236

Summary

Add ‘ssl’ to the list of reserved usernames.

Security Rating

NOV
20

cPanel TSR-2017-0006 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 2.0 to 8.8.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.
