SEP
17

cPanel TSR-2019-0005 Full Disclosure

Yesterday cPanel released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. Below is the full disclosure of the changes included in that update.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

SEC-528

Summary


Copyright

© Cpanel

SEP
17

EasyApache 4 Sept 17 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some of the highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more.

2019-9-4

yum-plugin-universal-hooks
     ZC-5357: skip duplicate members to avoid running a hook more than once for no reason
scl-php54, scl-php55, scl-php56, scl-php70, scl-php71, scl-php72, scl-php73
     EA-8549: Build php-fpm with pcntl
libcurl
     EA-8649: Update libcurl from v7.65.3 to v7.66.0
ea-tomcat85
     EA-8645: Update spec file to use %{version} in source file
ea-openssl
     EA-8648: Update ea-openssl from v1.0.2s to v1.0.2t
ea-apache2-config
     EA-8591: Stop letting over-quota errors prevent creation of the session directory

This release includes a security patch for a CVE (Common Vulnerabilities and Exposures) issue, the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with libcurl version 7.66.0 and OpenSSL version 1.0.2t. This release addresses vulnerabilities related to CVE-2019-5481, CVE-2019-5482, CVE-2019-1547, CVE-2019-1563, and CVE-2019-1552. We strongly encourage all libcurl users to upgrade to version 7.66.0 and all OpenSSL users to upgrade to version 1.0.2t.

AFFECTED VERSIONS
All versions of libcurl through 7.65.3
All versions of OpenSSL through 1.0.2s


SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

SEP
16

cPanel TSR-2019-0005 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 4.7 to 8.0.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

The following cPanel & WHM versions address all known vulnerabilities:

SEP
04

EasyApache 4 Sept 4 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Included are updates to multiple PHP versions, ea-tomcat85, ea-nodejs10, and a CVE announcement. Please join us on Slack, Discord, or Reddit to talk about this update and much more. 2019-9-4 scl-php71 EA-8634: Update scl-php71 to 7.1.32, drop 7.1.31. scl-php71-meta …
Original author: Phil Hodges
AUG
29

cPanel & WHM Version 80 Now EOL

With last week’s move to STABLE for Version 82, cPanel & WHM Version 80 has reached End of Life. This version will now only be supported by cPanel when upgrading to a supported version.

In accordance with our EOL policy, Version 80 will continue to function on servers where it is already installed. The last release of cPanel & WHM Version 80, 80.0.24, will remain on our mirrors indefinitely. However, no further updates, including fixes for known security flaws, will be provided for Version 80. Older releases of cPanel & WHM will be removed from our mirrors.

We recommend that all customers upgrade any existing installations of cPanel & WHM Version 80 to the most recent version of cPanel & WHM Version 82, which you can read about on https://releases.cpanel.net.

If your server setup complicates the process of upgrading to a supported version of cPanel & WHM (an upgrade blocker list is available at https://go.cpanel.net/blockers), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, upgrade assistance, and more.


About cPanel, L.L.C.

AUG
22

cPanel & WHM Version 82 now in STABLE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 82 to the STABLE tier! As a reminder, this move also means that support for cPanel & WHM Version 80 has ended. Version 82 brings another round of speed and usability improvements for the product. API calls are up …
Original author: benny Vasquez
AUG
21

EasyApache 4 Aug 21 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more.

• ea-apache2
     • EA-8612: Update ea-apache2 from v2.4.39 to v2.4.41
     • EA-8588: Added default RequestReadTimeout for mod_reqtimeout
           CVE-2019-9517
           CVE-2019-10081  
           CVE-2019-10098
           CVE-2019-10092
           CVE-2019-10097
           CVE-2019-10082

• ea-apache2-config
     • EA-8610: Adjust pecl patch for CloudLinux to skip if alt-php in use

• ea-nghttp2
     • EA-8611: Update ea-nghttp2 from v1.39.1 to v1.39.2
          CVE-2019-9511
          CVE-2019-9513

• ea-nodejs10
     • EA-8608: Update ea-nodejs10 from v10.16.1 to v10.16.2

AUG
20

cPanel Unveils WebPros Summit 2019 (Formerly cPanel Conference) in Atlanta, September 23rd – 26th

cPanel® announces schedule for its 3-day WebPros™ Summit event and welcomes its exhibitors and sponsors.

Houston, Texas – August 2019 – cPanel, LLC., the Hosting Platform of Choice™, is pleased to announce the change of its annual conference to include the WebPros brands! Plesk®, WHMCS®, SolusVM will all join cPanel at the first annual WebPros Summit.

“It’s been an exciting couple of years for WebPros,” said Ken Power, Vice President of Product Development at cPanel. “Building on the success of the cPanel Conference by inviting the communities of Plesk, WHMCS, and SolusVM is the perfect next step!”

Monday, September 23rd: Certification Day

“The WebPros Summit will expand on the cPanel Conference in a couple of fundamental ways,” said Jesse Asklund, Director of Support at cPanel. “One of them will be to include a full day of certifications from a variety of industry-leading companies in hosting.”

AUG
07

EasyApache 4 Aug 7 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more.

2019-8-7

php-cli
     EA-8537: Fix php version detection when cwd is a symlink.
mod_ruid2
     ZC-5378: Do not call distiller if it does not exist.
ea-tomcat85
     EA-8590: Fix syntax errors in user-init.sh
ea-nodejs10
     EA-8592: Update ea-nodejs10 to 10.16.1, drop 10.16.0.
ea-apache2-config
     EA-8572: Fixed typo in setting RLimitCPU and RLimitMEM
php71
     EA-8595: Update PHP 7.1 to 7.1.31, drop 7.1.30.
php71-meta
     EA-8595: Update PHP 7.1 to 7.1.31, drop 7.1.30.
php72
     EA-8593: Update PHP 7.2 to 7.2.21, drop 7.2.20.
php72-meta
     EA-8593: Update PHP 7.2 to 7.2.21, drop 7.2.20.
php73
     EA-8594: Update PHP 7.3 to 7.3.8, drop 7.3.7.
php73-meta
     EA-8594: Update PHP 7.3 to 7.3.8, drop 7.3.7.

This release includes a security patch for a CVE (Common Vulnerabilities and Exposures) issue, the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.1.31, 7.2.21, and 7.3.8. This release addresses vulnerabilities related to CVE-2019-11041 and CVE-2019-11042, plus other vulnerabilities with no number currently assigned. We strongly encourage all PHP 7.1 users to upgrade to version 7.1.31, all PHP 7.2 users to upgrade to version 7.2.21, and all PHP 7.3 users to upgrade to version 7.3.8.

AFFECTED VERSIONS
All versions of PHP 7.1 through 7.1.30
All versions of PHP 7.2 through 7.2.20
All versions of PHP 7.3 through 7.3.7


SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

JUL
31

cPanel, the Hosting Platform of Choice, Announces Partnership with CloudLinux extending support for Linux Systems Based on RHEL 6 and CentOS 6

Houston, Texas, July 31, 2019 – cPanel® is excited to announce a partnership with CloudLinux to extend support for systems running Red Hat® Enterprise Linux® 6 and CentOS 6 by nearly 4 years.

Released in 2011, Red Hat Enterprise Linux (RHEL) 6 and CentOS 6 have been receiving only security updates since May of 2017. These operating systems will reach End of Life (EOL) in November of 2020. At that time, without security patches or bug fixes, hosting providers will be required to migrate their customers to avoid using an operating system that is vulnerable to attacks and malware. Additionally, websites hosting on those operating systems will lose compliance with data and system certifications such as SOC 2 and PCI DSS.

To mitigate this scenario and reduce maintenance burden for our community, cPanel and CloudLinux will work together to support CloudLinux OS 6 for cPanel & WHM users until June 30, 2024. Full details about this initiative can be found at cloudlinux.com.

“We are excited to work with CloudLinux to extend the lifecycle of CloudLinux OS 6. Our goals are to give the hosting industry a viable answer and more flexibility in their operations schedule. Hosting companies shouldn’t be required to choose between security and downtime for their customers,” said Ken Power, VP of Product Development for cPanel, L.L.C.

Users of the hybrid kernel in CloudLinux OS 6 will effectively enjoy extended support of RHEL 6/CentOS 6 until 2024. By that time, hosting providers will be able to safely migrate directly to RHEL 8, skipping RHEL 7 deployment entirely. RHEL 8 and CentOS 8 will be supported until May 5, 2029. For enterprises and hosting companies running their systems on CloudLinux OS 6, this equates to fewer migrations and less administration.

JUL
30

cPanel & WHM Version 82 now in RELEASE!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 82 to the RELEASE tier! Version 82 brings another round of speed and usability improvements for the product. API calls are up to 25% faster, and our software has been made even leaner, leading to a reduction in memory …
Original author: benny Vasquez
JUL
24

EasyApache 4 – July 24 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! This release includes updating LiteSpeed from Version 7.4 to 7.5. Join us on Slack, Discord, or Reddit to talk about this update and much more. 2019-7-24 ea-apache2-config EA-8573 – Removal of ea-php*-php package does not update .htaccess files libcurl …
Original author: benny Vasquez
JUL
16

cPanel TSR-2019-0004 Full Disclosure

Yesterday cPanel released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. Below is the full disclosure of the changes included in that update.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

SEC-501

Summary
Demo account remote code execution via faulty URI dispatching.
Security Rating
cPanel has assigned this vulnerability a CVSSv3 score of 6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L).
Description
Errors in the dispatching logic for email autoconfiguration URIs allowed demo accounts to execute functions in the cPanel templating engine that are normally prohibited.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.80.0.22
11.78.0.34

JUL
15

TSR-2019-0004 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 3.3 to 7.3.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

JUL
10

EasyApache 4 July 10 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! This release includes some PHP version updates. Join us on Slack, Discord, or Reddit to talk about this update and much more. 2019-7-10 scl-php72 EA-8560: Update PHP 7.2 to version 7.2.20, drop 7.2.19. scl-php72-meta EA-8560: Update PHP 7.2 to …
Original author: Phil Hodges
JUL
09

cPanel & WHM Version 82 now in CURRENT!

We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 82 to the CURRENT tier! Version 82 brings another round of speed and usability improvements for the product. API calls are up to 25% faster, and our software has been made even leaner, leading to a reduction in memory …
Original author: benny Vasquez
JUL
02

EasyApache 4 July 2 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more. 2019-7-2 apr EA-8542 – Change APR to use USE_SYSVSEM_SERIALIZE for the apr_lock_method. ea-apache2 EA-8533 – Ensure ea-apr and …
Original author: Phil Hodges
JUN
19

cPanel & WHM Version 80 now in STABLE!

We are happy to announce that cPanel, LLC. has released cPanel & WHM Version 80 to the STABLE tier! For this version, we have focused on speed and expanding the types of websites you can host on a cPanel server.

We want to especially thank those of you who have “Send error reports to cPanel for analysis” enabled, as you were critical in helping us reduce the install and update times. If you are interested in helping with these decisions in the future, make sure to participate in the cPanel Analytics program!

Take a look at highlights for this version on our release site, or check out the full release notes. Then, join us on Slack, Discord, or Reddit to talk about all the exciting improvements.

Build Node.js Applications

Website owners can now host Node.js applications on cPanel & WHM servers. Hosting providers can install the ea-nodejs10 module in the Additional Packages section of WHM’s EasyApache 4 interface.

Plus Addressing Management

cPanel users can disable automatic mailbox creation for plus addressing in the Email Accounts interface. This only affects mailbox creation, and your server will still deliver plus address messages to the correct address.

JUN
06

Urgent Updates for 70, 76, and 78 and Exim CVE-2019-10149

In a post on the cPanel Blog last night we shared information regarding an exploit that had been identified in Exim. This exploit allows attackers to execute code as the root user on your server without authentication and was rated a 9.8 out of 10 in severity. While Version 80 was never vulnerable …
Original author: benny Vasquez
JUN
05

EasyApache 4 June 5 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more.

ea-apache24
     EA-8508: Apache crashes with Prefork due to ‘couldn’t release the accept mutex’
ea-nodejs10
     ZC-5152: Remove mod_passenger requirement from ea-nodejs
mod_security2
     EA-8506: Fix update to Mod_Security 2.9.3: Update is segfaulting on some servers
     EA-8507: Mod_Security 2.9.3 update some rules fail syntax check / Segmentation fault
scl-php71
     EA-8516: Update scl-php71 from v7.1.29 to v7.1.30
scl-php71-meta
     EA-8516: Update scl-php71 from v7.1.29 to v7.1.30
scl-php72
     EA-8514: Update scl-php72 from v7.2.18 to v7.2.19
scl-php72-meta
     EA-8514: Update scl-php72 from v7.2.18 to v7.2.19
scl-php73
     EA-8515: Update scl-php73 from v7.3.5 to v7.3.6
scl-php73-meta
     EA-8515: Update scl-php73 from v7.3.5 to v7.3.6

This release includes a security patch for a CVE (Common Vulnerabilities and Exposures) issue, the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.1.30, 7.2.19, and 7.3.6. This release addresses vulnerabilities related to CVE-2019-11038, CVE-2019-11039, and CVE-2019-11040. We strongly encourage all PHP 7.1 users to upgrade to version 7.1.30, all PHP 7.2 users to upgrade to version 7.2.19, and all PHP 7.3 users to upgrade to version 7.3.6.

AFFECTED VERSIONS
All versions of PHP 7.1 through 7.1.29
All versions of PHP 7.2 through 7.2.18
All versions of PHP 7.3 through 7.3.5


SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
