© Cpanel
© Cpanel
We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more.
This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.
SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with Apache version 2.4.38. This release addresses vulnerabilities related to CVE-2019-0190, CVE-2018-17199, and CVE-2018-17189. We strongly encourage all Apache users to update to version 2.4.38.
AFFECTED VERSIONS
All versions of Apache through Apache 2.4.37
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
© Cpanel
Yesterday we released new builds for versions 70, 76, and 78. These updates provided targeted changes to address security concerns with the cPanel & WHM product. Below is the full disclosure of the updates that were included in these builds.
SEC-415
Summary
Internal data disclosed to OpenID providers.
Security Rating
© Cpanel
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.
cPanel has rated these updates as having CVSSv3 scores ranging from 2.2 to 6.5.
Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.
If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.
RELEASES
© Cpanel
We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more.
This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.
SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 5.6.40, 7.1.26, and 7.2.14. This release addresses vulnerabilities related to CVE-2016-10166, CVE-2018-19935, and several other vulnerabilities which have not yet been assigned a number. We strongly encourage all PHP 5.6 users to upgrade to version 5.6.40, all PHP 7.1 users to upgrade to version 7.1.26, and all PHP 7.2 users to upgrade to version 7.2.14.
AFFECTED VERSIONS
All versions of PHP 5.6 through 5.6.39
All versions of PHP 7.1 through 7.1.25
All versions of PHP 7.2 through 7.2.13
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
© Cpanel
We are happy to announce that cPanel, Inc. has released cPanel & WHM Version 78 to the CURRENT tier! This version is our 2019 LTS (Long Term Support) version and will be supported until March of 2020. Take a look at highlights on our release site, or check out the full release notes for v78. Then, join us on Slack, Discord, or Reddit to talk about all the exciting improvements.
When emails stop flowing, tracking down why can be incredibly difficult. This brand new interface in cPanel is specifically designed to help users stop those failures before they happen.
System administrators now have more power at their fingertips with automatic PHP INI settings in the WHM interface as well as access the system PHP-FPM Pool Options in the new System PHP-FPM Configuration tab.
Check out the cPanel Release site to see an overview of the latest features and updates cPanel & WHM has to offer! All of the details about all cPanel & WHM Version 78 features can be found in the Release Notes.
To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the Product and Security updates mailing lists: cPanel Mailing List.
© Cpanel
SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with Ruby version 2.4.5. This release addresses vulnerabilities related to CVE-2018-16396 and CVE-2018-16395. We strongly encourage all Ruby users to update to version 2.4.5.
AFFECTED VERSIONS
All versions of Ruby through Ruby 2.4.4
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
CVE-2018-16395 – CRITICAL
Ruby 2.4.5
Fixed bug related to CVE-2018-16839
CVE-2018-16396 – HIGH
Ruby 2.4.5
Fixed bug related to CVE-2018-16840
© Cpanel
The current LTS (Long Term Support) version, cPanel & WHM version 70, will reach End of Life at the end of March 2019. At that time, Version 70 will no longer be supported by cPanel except when upgrading to a supported version. We recommend that all customers migrate any existing installations of cPanel & WHM version 70 to a supported version of cPanel & WHM before that date.
In accordance with our EOL policy (https://go.cpanel.net/longtermsupport), 70 will continue functioning on servers where it is already installed. However, no further updates, including security fixes and installations, will be provided for 70 once it reaches End of Life.
You can read about all the changes and new features that have been added since cPanel & WHM Version 70 on https://releases.cpanel.net. Version 78, set to be released in January 2019, will be the only version to enter the LTS tier in 2019.
If your server setup complicates the process of migrating to a newer version of cPanel & WHM (a list of upgrade blockers is available at https://go.cpanel.net/blockers), then the cPanel support team is here to help! Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.
For the PGP-Signed version of this announcement please see 70 EOL in 3 Months-signed.
© Cpanel
As of cPanel & WHM Version 76’s move to STABLE on December 18th, cPanel & WHM Version 74 has reached End of Life and will no longer be supported by cPanel except when upgrading to a supported version.
In accordance with our EOL policy (https://go.cpanel.net/longtermsupport), 74 will continue functioning on servers where it is already installed. The last release of cPanel & WHM version 74, 74.0.12, will remain on our mirrors indefinitely. However, no further updates, such as security fixes and installations, will be provided for 74. Older releases of cPanel & WHM 74 have been removed from our mirrors.
We recommend that all customers migrate any existing installations of cPanel & WHM Version 74 to the most recent version of cPanel & WHM 76, which you can read about on https://releases.cpanel.net.
If your server setup complicates the process of migrating to a newer version of cPanel & WHM (a list of upgrade blockers is available at https://go.cpanel.net/blockers), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.
For the PGP-Signed version of this announcement please see 2018-12-25 74 EOL Reminder – signed.
© Cpanel
We are happy to announce that cPanel, Inc. has released cPanel & WHM Version 76 to the STABLE tier! Take a look at highlights on our release site, or check out the full release notes for v76. Then, join us on Slack, Discord, or Reddit to talk about all the exciting improvements.
In Version 76 we have added a streamlined setup process for cPanel & WHM servers, as well as a brand new homepage for WHM. This improved user experience eliminates the extra steps for most users and leaves only the most useful interfaces during the setup process, welcoming new users, while retaining the power more experienced users like.
Check out the cPanel Release site to see an overview of the latest features and updates cPanel & WHM has to offer! All of the details about all cPanel & WHM Version 76 features can be found in the Release Notes.
To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the Product and Security updates mailing lists: cPanel Mailing List.
© Cpanel
SUMMARY
cPanel, L.L.C. has published EasyApache 3.36.11 with PHP version 5.6.39. This release addresses vulnerabilities related to CVE-2018-19518 and CVE-2018-19935. We strongly encourage all PHP 5.6 users to upgrade to version 5.6.39.
AFFECTED VERSIONS
All versions of PHP 5.6 through 5.6.38
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
© Cpanel
SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 5.6.39, 7.0.33, 7.1.25, and 7.2.13 This release addresses vulnerabilities related to CVE-2018-19518 and CVE-2018-19935. We strongly encourage all PHP 5.6 users to upgrade to version 5.6.39, all PHP 7.0 users to upgrade to version 7.0.33, all PHP 7.1 users to upgrade to version 7.1.25, and all PHP 7.2 users to upgrade to version 7.2.13.
AFFECTED VERSIONS
All versions of PHP 5.6 through 5.6.38
All versions of PHP 7.0 through 7.0.32
All versions of PHP 7.1 through 7.1.24
All versions of PHP 7.2 through 7.2.12
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
CVE-2018-19518 – MEDIUM
PHP 5.6.39
Fixed bug in IMAP module related to CVE-2018-19518
PHP 7.0.33
Fixed bug in IMAP module related to CVE-2018-19518
© Cpanel
SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with OpenSSL version 1.0.2q on December 5, 2018. This release addresses vulnerabilities related to CVE-2018-5407 and CVE-2018-0734. We strongly encourage all OpenSSL users to update to version 1.0.2q.
AFFECTED VERSIONS
All versions of OpenSSL through OpenSSL 1.0.2p
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
CVE-2018-5407 – MEDIUM
OpenSSL 1.0.2q
Fixed bug related to CVE-2018-5407
CVE-2018-0734 – MEDIUM
OpenSSL 1.0.2q
Fixed bug related to CVE-2018-0734
© Cpanel
cPanel TSR-2018-0006 Full Disclosure
SEC-366
Summary
PostgreSQL password changes performed in an insecure manner.
Security Rating
© Cpanel
cPanel TSR-2018-0006 Announcement
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.
cPanel has rated these updates as having CVSSv3 scores ranging from 4.7 to 7.8.
Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.
If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.
© Cpanel
The EasyApache team has published updates to the EasyApache 4 repository. EasyApache 4 does not use versioning and organizes changes by date only.
More Information
Check out the Release notes and the 2018 EasyApache 4 Changelog. All of the details about all this release can be found in the EasyApache 4 Release Notes.
To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the Product and Security updates mailing lists: cPanel Mailing List.
© Cpanel
SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with cURL version 7.62.0. This release addresses vulnerabilities related to CVE-2018-16839, CVE-2018-16840, and CVE-2018-16842. We strongly encourage all cURL users to update to version 7.62.0.
AFFECTED VERSIONS
All versions of cURL through cURL 7.61.0
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
CVE-2018-16839 – MEDIUM
cURL 7.62.0
Fixed bug related to CVE-2018-16839
CVE-2018-16840 – MEDIUM
cURL 7.62.0
Fixed bug related to CVE-2018-16840
© Cpanel
We are happy to announce that cPanel, Inc. has released cPanel & WHM Version 76 to the RELEASE tier! Take a look at highlights on our release site, or check out the full release notes for v76. Then, join us on Slack, Discord, or Reddit to talk about all the exciting improvements.
Tomcat in EA4 and New Tomcat Manager Interface
In Version 76 we are releasing a completely overhauled and improved version of Apache Tomcat for EasyApache 4. With the new Tomcat Manager interface in WHM, system administrators can manage the Tomcat status of all users.
Git SSH Host Key Verification
When enabled, the system now automatically performs host key verification whenever cloning a new repository or making changes to a cloned repository, helping to prevent Man-in-the-Middle attacks.
© Cpanel
We are happy to announce that cPanel, Inc. has released cPanel & WHM Version 76 to the CURRENT tier! Take a look at the full release notes, then join us on Slack, Discord, or Reddit to talk about all the exciting improvements.
Apache PHP-FPM for Faster Websites
We are enabling PHP-FPM for Apache by default for all new installations of cPanel & WHM, allowing your websites to serve more visitors.
All UIs now using PHP 7.2!
We are upgrading the internal PHP Version in cPanel & WHM to the faster and more secure PHP 7.2.
© Cpanel
