JAN
21

cPanel TSR-2020-0001 Full Disclosure

SEC-515

Summary

Self-XSS vulnerability via temporary character set specification.

Security Rating

cPanel has assigned this vulnerability a CVSSv3 score of 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Continue reading
  22 Hits

Copyright

© Cpanel

22 Hits
JAN
20

cPanel TSR-2020-0001 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 4.7 to 9.1.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

Continue reading
  5 Hits

Copyright

© Cpanel

5 Hits
JAN
01

Update to cPanel’s Privacy Policy

cPanel is updating our Privacy Policy in our continued commitment to helping customers and users of our software understand how we use their data and to provide transparency. The Privacy Policy has been updated to facilitate compliance with the CCPA (California Consumer Protection Act), taking effect on January 1st, 2020. Additionally, cPanel has created several links that allow users to determine what information that cPanel has and to request that we take actions related to that data. These actions include adding sections to reflect updates to our use of information and some technical corrections.

This post is a simple summary of the updates to the Privacy Policy, and we highly recommend reviewing the policy in its entirety, located here

Sale of Personal Information

The CCPA requires cPanel to disclose whether cPanel “sells” personal information. cPanel does not commercialize user information in the traditional sense. However, because some personal data is transmitted to third parties to facilitate the use of products and services, we have provided more details about this use. Our Privacy Policy contains a method for you to decide to instruct us not to use your information in this way, regardless of whether it is a “sale” in the traditional sense. We will provide other ways to make this choice in the future. It is essential that you review our privacy policy for the impact that this choice may have before making it.

Authentication

Continue reading
  8 Hits

Copyright

© Cpanel

8 Hits
DEC
23

cPanel Announces Collaboration with Google Cloud to Bring cPanel & WHM to Google Cloud Platform Marketplace

FOR IMMEDIATE RELEASE

System Administrators, Web Hosting Providers can access cPanel & WHM for cloud servers and virtual machines with GCP Marketplace.  

Houston, Texas – December 20, 2019 – cPanel L.L.C., a hosting server management solution, announced its availability on Google Cloud Platform Marketplace (GCP Marketplace), allowing customers to easily launch a Google Cloud instance with a cPanel & WHM® image. Under this new collaboration, hosting providers and direct consumers can install a license immediately after they spin up their Google Compute Engine™ instance and quickly set up and administer accounts. 

cPanel & WHM is a robust web hosting automation software suite. Containing all of the essential tools needed for hosting providers and resellers to manage customer accounts, create and maintain websites, and to secure and optimize their servers, cPanel & WHM is an integral part of supporting operations at some of the world’s most well-known hosting providers, including virtual machines and cloud servers. GCP Marketplace allows customers to easily start up familiar software packages such as cPanel & WHM with Google Compute Engine, with no manual configuration required.

“cPanel is excited to be a part of GCP Marketplace. This platform is popular with our partners and we’re looking forward to supporting them as they turn to hyperscale solutions,” says Todd Mitchell, Chief Operating Officer of WebPros™, cPanel’s parent company.

Continue reading
  6 Hits

Copyright

© Cpanel

6 Hits
DEC
23

EasyApache 4 Dec 23 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on SlackDiscord, or Reddit to talk about this update and much more.

• scl-php72
• scl-phh72-meta
     • EA-8797: Update scl-php72 from v7.2.25 to v7.2.26
     • Bcmath:
          • Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046)
     • Core:
          • Fixed bug #78862 (link() silently truncates after a null byte on Windows). (CVE-2019-11044)
          • Fixed bug #78863 (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045)
     • EXIF:
          • Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050)
          • Fixed bug #78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047)

• scl-php73
• scl-php73-meta
     • EA-8798: Update scl-php73 from v7.3.12 to v7.3.13     
     • Bcmath:
          • Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046)     
     • Core:
          • Fixed bug #78862 (link() silently truncates after a null byte on Windows). (CVE-2019-11044)
          • Fixed bug #78863 (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045)
          • Fixed bug #78943 (mail() may release string with refcount==1 twice). (CVE-2019-11049)
     • EXIF:
          • Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050)
          • Fixed bug #78910 (Heap-buffer-overflow READ in exif) (CVE-2019-11047)

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.2.26 and 7.3.13. This release addresses vulnerabilities related to CVE-2019-11046, CVE-2019-11044, CVE-2019-11045, CVE-2019-11049, CVE-2019-11050, and CVE-2019-11047. We strongly encourage all PHP 7.2 users to upgrade to version 7.2.26 and all PHP 7.3 users to upgrade to version 7.3.13.

Continue reading
  15 Hits

Copyright

© Cpanel

15 Hits
DEC
18

EasyApache 4 Dec 18 Release

2019-12-18 We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more. ea-apache2 COBRA-10665: Optimizing finding directives when parsing the configuration. ea-profiles-cpanel ZC-5770: Add iconv and mbstring to the cPanel …
Original author: Tabby Worthington
  13 Hits

Copyright

© Cpanel

13 Hits
DEC
18

cPanel & WHM Version 82 Now EOL

cPanel & WHM Version 82 Now EOL

December 18, 2019

With last week’s move to STABLE for Version 84, cPanel & WHM Version 82 has reached End of Life. This version will now only be supported by cPanel when upgrading to a supported version.

In accordance with our EOL policy, Version 82 will continue to function on servers where it is already installed. The last release of cPanel & WHM Version 84, 84.0.17, will remain on our mirrors indefinitely. However, no further updates, including fixes for known security flaws, will be provided for Version 82. Older releases of cPanel & WHM will be removed from our mirrors.

We recommend that all customers upgrade any existing installations of cPanel & WHM Version 82 to the most recent version of cPanel & WHM Version 84, which you can read about on https://releases.cpanel.net.

If your server setup complicates the process of upgrading to a supported version of cPanel & WHM (an upgrade blocker list is available at https://go.cpanel.net/blockers), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgable support team can provide recommendations, upgrade assistance, and more.

Continue reading
  10 Hits

Copyright

© Cpanel

10 Hits
DEC
11

cPanel & WHM Version 84 Now in STABLE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 84 to the STABLE tier! As a reminder, this move also means that support for cPanel & WHM Version 82 has ended. Version 84 brings another round of speed and usability improvements for the product. Now including PowerDNS for DNS …
Original author: Phil Hodges
  6 Hits

Copyright

© Cpanel

6 Hits
NOV
26

EasyApache 4 Nov 26 Release

2019-11-26 We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more. scl-php54scl-php55scl-php56scl-php70scl-php71     • EA-8762: Update litespeed from upstream to 7.6 scl-php72scl-php72-meta     • EA-8760: …
Original author: Phil Hodges
  346 Hits

Copyright

© Cpanel

346 Hits
NOV
20

EasyApache 4 Nov 20 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more. 2019-11-20 ea-openssl11     ZC-5606: Create ea-openssl11 package for openssl v1.1.1 ea-libcurl     EA-8739: Update libcurl …
Original author: Phil Hodges
  372 Hits

Copyright

© Cpanel

372 Hits
NOV
19

cPanel TSR-2019-0006 Full Disclosure

SEC-499

Summary

Authentication bypass due to variations in webmail username handling.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Continue reading
  348 Hits

Copyright

© Cpanel

348 Hits
NOV
18

cPanel TSR-2019-0006 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 2.5 to 8.8.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

Continue reading
  404 Hits

Copyright

© Cpanel

404 Hits
OCT
30

EasyApache 4 Oct 30 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on SlackDiscord, or Reddit to talk about this update and much more.

2019-10-30

ea-cpanel-tools
     ZC-5740: Add yum var to ea4_repo_uri_os.

ea-nodejs10
     EA-8715: Update ea-nodejs10 to 10.17.0, drop  10.16.3.

php-cli
     EA-7961: Remove deprecated -ea_php flag

scl-php71
scl-php71-meta
     EA-8722: Update scl-php71 to 7.1.33, drop 7.1.32.

Continue reading
  393 Hits

Copyright

© Cpanel

393 Hits
OCT
29

cPanel & WHM Version 84 now in RELEASE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 84 to the RELEASE tier! cPanel & WHM Version 84 introduces a slew of new tools and improvements to the product. Now including PowerDNS for DNS clustering, DNSSEC improvements, an overhauled Apache Configuration file, and multiple interface updates, cPanel …
Original author: Phil Hodges
  314 Hits

Copyright

© Cpanel

314 Hits
OCT
29

cPanel Announces Its Newest Partnership With Linode

cPanel Announces Its Newest Partnership With Linode

October 29, 2019

cPanel, L.L.C., the Hosting Platform of Choice, announces its newest partnership with Linode, allowing simplified server management by providing access to cPanel & WHM® on Linode.

Houston, Texas, October 29, 2019 – cPanel is excited to announce a new partnership with independent open cloud provider Linode. cPanel & WHM is now available directly from the Linode Cloud Manager. 

Interfacing seamlessly with CentOS7, the partnership brings together the simplicity and intuitiveness of cPanel & WHM with the reliability of Linux®. As a result, creating new websites and hosting environments is faster and easier than ever. cPanel & WHM on Linode allows users to access the full suite of robust cPanel features and world-class customer service. Users can not only manage their web hosting, they can also easily manage webmail, forwarding, email authentication, and handle spam all in one place. 

Continue reading
  378 Hits

Copyright

© Cpanel

378 Hits
OCT
23

EasyApache 4 Oct 23 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more. 2019-10-23 ea-apache2-config EA-8329: Fix error in phpfpm cleanup script. ea-tomcat85 EA-8702: Update ea-tomcat85 to 8.5.47, drop 8.5.46. …
Original author: Phil Hodges
  298 Hits

Copyright

© Cpanel

298 Hits
OCT
09

EasyApache Oct 9 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! This release includes some updates to ea-ruby24 and various CVEs. Please review and then join us on Slack, Discord, or Reddit to talk about this update and much more. 2019-10-9 ea-ruby24 EA-8682: Update Ruby to 2.4.9, drop 2.4.7 (with …
Original author: Phil Hodges
  312 Hits

Copyright

© Cpanel

312 Hits
OCT
07

cPanel & WHM Version 84 Now in CURRENT!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 84 to the CURRENT tier! cPanel & WHM Version 84 introduces a slew of new tools and improvements to the product. Now including PowerDNS for DNS clustering, DNSSEC improvements, an overhauled Apache Configuration file, and multiple interface updates, cPanel …
Original author: Phil Hodges
  313 Hits

Copyright

© Cpanel

313 Hits
OCT
02

EasyApache 4 Oct 2 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! This release includes updates a number of PHP versions, libcurl, ea-tomcat85, openssl, apache2-config and more! Join us on SlackDiscord, or Reddit to talk about this update and much more.

• yum-plugin-universal-hooks
     ZC-5357: skip duplicate members to avoid running a hook more than once for no reason

• scl-php54
• scl-php55
• scl-php56
• scl-php70
• scl-php71
• scl-php72
• scl-php73
     EA-8549: Build php-fpm with pcntl

• libcurl
     EA-8649: Update libcurl from v7.65.3 to v7.66.0

• ea-tomcat85
      EA-8645: Update spec file to use %{version} in source file

Continue reading
  385 Hits

Copyright

© Cpanel

385 Hits
SEP
25

cPanel(R), the Hosting Platform of Choice, Announces a New Technology Partnership With Alibaba Cloud – cPanel & WHM(R) Are Now Available in the Alibaba Cloud International Marketplace

cPanel®, the Hosting Platform of ChoiceTM, announces a new technology partnership with Alibaba Cloud. cPanel & WHM® is immediately available in the Alibaba Cloud International Marketplace.

Houston, Texas, September 2019 – cPanel is excited to announce a new technology partnership with Alibaba Cloud. cPanel & WHM is immediately available in the Alibaba Cloud International Marketplace.

Established in 2009, Alibaba Cloud, the data intelligence backbone of Alibaba Group, is among the world’s top three IaaS providers, according to Gartner. It is also the largest provider of public cloud services in China, according to IDC. Alibaba Cloud provides a comprehensive suite of cloud computing services to businesses worldwide, including merchants doing business on Alibaba Group marketplaces, start-ups, corporations, and public services. The Alibaba Cloud International Marketplace offers a variety of pre-installed and secure software images on their Elastic Compute Service (ECS). 

Integrating cPanel & WHM’s robust toolset and world-class support with Alibaba Cloud is a strategic next step for cPanel as it continues to expand its global presence. By partnering with Alibaba Cloud and making cPanel & WHM readily available, our customers can quickly deploy resources and grow their businesses on highly scalable and global infrastructure.

“We’re excited to partner with Alibaba Cloud–a leading Cloud provider to extend the global reach of cPanel and WHM. Alibaba’s strong presence across Asia provides our customers the opportunity to grow alongside cPanel in the global community,” said Todd Mitchell, Chief Operating Officer, cPanel, a WebPros company.

Continue reading
  312 Hits

Copyright

© Cpanel

312 Hits
Advertisement