© Cpanel
© Cpanel
SEC-499
Summary
Authentication bypass due to variations in webmail username handling.
Security Rating
cPanel has assigned this vulnerability a CVSSv3.1 score of 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
© Cpanel
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.
cPanel has rated these updates as having CVSSv3 scores ranging from 2.5 to 8.8.
Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.
If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.
RELEASES
© Cpanel
We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more.
ea-cpanel-tools
ZC-5740: Add yum var to ea4_repo_uri_os.
ea-nodejs10
EA-8715: Update ea-nodejs10 to 10.17.0, drop 10.16.3.
php-cli
EA-7961: Remove deprecated -ea_php flag
scl-php71
scl-php71-meta
EA-8722: Update scl-php71 to 7.1.33, drop 7.1.32.
© Cpanel
© Cpanel
cPanel Announces Its Newest Partnership With Linode
October 29, 2019
cPanel, L.L.C., the Hosting Platform of Choice, announces its newest partnership with Linode, allowing simplified server management by providing access to cPanel & WHM® on Linode.
Houston, Texas, October 29, 2019 – cPanel is excited to announce a new partnership with independent open cloud provider Linode. cPanel & WHM is now available directly from the Linode Cloud Manager.
Interfacing seamlessly with CentOS7, the partnership brings together the simplicity and intuitiveness of cPanel & WHM with the reliability of Linux®. As a result, creating new websites and hosting environments is faster and easier than ever. cPanel & WHM on Linode allows users to access the full suite of robust cPanel features and world-class customer service. Users can not only manage their web hosting, they can also easily manage webmail, forwarding, email authentication, and handle spam all in one place.
© Cpanel
© Cpanel
© Cpanel
© Cpanel
We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! This release includes updates a number of PHP versions, libcurl, ea-tomcat85, openssl, apache2-config and more! Join us on Slack, Discord, or Reddit to talk about this update and much more.
• yum-plugin-universal-hooks
ZC-5357: skip duplicate members to avoid running a hook more than once for no reason
• scl-php54
• scl-php55
• scl-php56
• scl-php70
• scl-php71
• scl-php72
• scl-php73
EA-8549: Build php-fpm with pcntl
• libcurl
EA-8649: Update libcurl from v7.65.3 to v7.66.0
• ea-tomcat85
EA-8645: Update spec file to use %{version} in source file
© Cpanel
cPanel®, the Hosting Platform of ChoiceTM, announces a new technology partnership with Alibaba Cloud. cPanel & WHM® is immediately available in the Alibaba Cloud International Marketplace.
Houston, Texas, September 2019 – cPanel is excited to announce a new technology partnership with Alibaba Cloud. cPanel & WHM is immediately available in the Alibaba Cloud International Marketplace.
Established in 2009, Alibaba Cloud, the data intelligence backbone of Alibaba Group, is among the world’s top three IaaS providers, according to Gartner. It is also the largest provider of public cloud services in China, according to IDC. Alibaba Cloud provides a comprehensive suite of cloud computing services to businesses worldwide, including merchants doing business on Alibaba Group marketplaces, start-ups, corporations, and public services. The Alibaba Cloud International Marketplace offers a variety of pre-installed and secure software images on their Elastic Compute Service (ECS).
Integrating cPanel & WHM’s robust toolset and world-class support with Alibaba Cloud is a strategic next step for cPanel as it continues to expand its global presence. By partnering with Alibaba Cloud and making cPanel & WHM readily available, our customers can quickly deploy resources and grow their businesses on highly scalable and global infrastructure.
“We’re excited to partner with Alibaba Cloud–a leading Cloud provider to extend the global reach of cPanel and WHM. Alibaba’s strong presence across Asia provides our customers the opportunity to grow alongside cPanel in the global community,” said Todd Mitchell, Chief Operating Officer, cPanel, a WebPros company.
© Cpanel
Yesterday cPanel released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. Below is the full disclosure of the changes included in that update.
Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.
If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.
SEC-528
Summary
© Cpanel
We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some of the highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more.
This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.
SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with libcurl version 7.66.0 and OpenSSL version 1.0.2t. This release addresses vulnerabilities related to CVE-2019-5481, CVE-2019-5482, CVE-2019-1547, CVE-2019-1563, and CVE-2019-1552. We strongly encourage all libcurl users to upgrade to version 7.66.0 and all OpenSSL users to upgrade to version 1.0.2t.
AFFECTED VERSIONS
All versions of libcurl through 7.65.3
All versions of OpenSSL through 1.0.2s
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
© Cpanel
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.
cPanel has rated these updates as having CVSSv3 scores ranging from 4.7 to 8.0.
Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.
If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.
The following cPanel & WHM versions address all known vulnerabilities:
© Cpanel
© Cpanel
With last week’s move to STABLE for Version 82, cPanel & WHM Version 80 has reached End of Life. This version will now only be supported by cPanel when upgrading to a supported version.
In accordance with our EOL policy, Version 80 will continue to function on servers where it is already installed. The last release of cPanel & WHM Version 80, 80.0.24, will remain on our mirrors indefinitely. However, no further updates, including fixes for known security flaws, will be provided for Version 80. Older releases of cPanel & WHM will be removed from our mirrors.
We recommend that all customers upgrade any existing installations of cPanel & WHM Version 80 to the most recent version of cPanel & WHM Version 82, which you can read about on https://releases.cpanel.net.
If your server setup complicates the process of upgrading to a supported version of cPanel & WHM (an upgrade blocker list is available at https://go.cpanel.net/blockers), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgable support team can provide recommendations, upgrade assistance, and more.
About cPanel, L.L.C.
© Cpanel
© Cpanel
We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more.
• ea-apache2
• EA-8612: Update ea-apache2 from v2.4.39 to v2.4.41
• EA-8588: Added default RequestReadTimeout for mod_reqtimeout
CVE-2019-9517
CVE-2019-10081
CVE-2019-10098
CVE-2019-10092
CVE-2019-10097
CVE-2019-10082
• ea-apache2-config
• EA-8610: Adjust pecl patch for CloudLinux to skip if alt-php in use
• ea-nghttp2
• EA-8611: Update ea-nghttp2 from v1.39.1 to v1.39.2
CVE-2019-9511
CVE-2019-9513
• ea-nodejs10
• EA-8608: Update ea-nodejs10 from v10.16.1 to v10.16.2
© Cpanel
cPanel® announces schedule for its 3-day WebProsTM Summit event and welcomes its exhibitors and sponsors.
Houston, Texas – August 2019 – cPanel, LLC., the Hosting Platform of ChoiceTM, is pleased to announce the change of its annual conference to include the WebPros brands! Plesk®, WHMCS®, SolusVM will all join cPanel at the first annual WebPros Summit.
“It’s been an exciting couple of years for WebPros,” said Ken Power, Vice President of Product Development at cPanel. “Building on the success of the cPanel Conference by inviting the communities of Plesk, WHMCS, and SolusVM is the perfect next step!”
Monday, September 23rd: Certification Day
“The WebPros Summit will expand on the cPanel Conference in a couple of fundamental ways,” said Jesse Asklund, Director of Support at cPanel. “One of them will be to include a full day of certifications from a variety of industry-leading companies in hosting.”
© Cpanel
