Texas – March 2019 cPanel is excited to announce that it will be integrating ImunifyAV into all cPanel & WHM servers in the coming months. By integrating ImunifyAV, part of the Imunify Security product set from industry partner CloudLinux, cPanel will provide all customers with one of the most effective malware detection solutions in the industry. All cPanel & WHM users will benefit from automatic scans of their sites and servers to check whether they have been infected with hidden malware. If ImunifyAV discovers infections, cPanel customers can choose to clean the infection themselves with provided instructions, or automatically clean the infections with a simple upgrade to ImunifyAV+. Hosting providers can also elect to move to Imunify360, the only multi-layer proactive defense suite for web hosting, directly from their WHMÒ interface.

 “We are very intentional with decisions to pre-install 3rd party products into our software, and we knew we could only have one security scanner. After working extensively with the Imunify Security development team and reviewing test results, we decided it was a tool we wanted to provide to all cPanel customers,” said Nick Koston, cPanel’s CEO. “The detection rates and product performance are superior to anything else we have seen.”

cPanel and Imunify Security. “The CloudLinux and Imunify Security team are long-term friends of cPanel. In 2018 we started to offer Imunify360 as a featured security product”, Nick continued. “As we collaborated with them on the ImunifyAV integration we became convinced it was the right decision for our community.”

 “We couldn’t be more thrilled to build on our strategic partnership with cPanel,” said Jim Jackson, President and Chief Revenue Officer at CloudLinux. “Having partnered successfully with cPanel for years on the CloudLinux OS and KernelCare, we knew we could do something special with them in the security arena as we were rapidly growing the Imunify Security product set. We view the integration of ImunifyAV into cPanel & WHM, and the availability of all Imunify products directly through their industry-leading panel, as the ultimate testament of our work together to protect our joint user community from all forms of malicious attacks.”

The product team will be working to build this integration for cPanel & WHM Version 82, which will be released in the third quarter of 2019. To be notified of this and other product updates, sign up for the cPanel Mailing List.

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 2.5 to 7.8.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! This update includes a number of security updates for PHP versions 7.1.27, 7.2.16, and 7.3.3, as well as OpenSSL version 1.0.2r, and the addition of PassengerNodejs to passenger_apps.default. We are also adding ea-nodejs10 in preparation for work that will be released in cPanel & WHM Version 80. Please take a look at the release below, and then join us on Slack, Discord, or Reddit to talk about this update and much more.

2019-3-13

This release also includes security patches that have been issued for CVEs (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.1.27, 7.2.16, and 7.3.3 and OpenSSL version 1.0.2r. This release addresses vulnerabilities related to CVE-2019-9637, CVE-2019-9641, CVE-2019-9640, CVE-2019-9638, CVE-2019-9639, CVE-2019-1559, and several other vulnerabilities which have not yet been assigned a number. We strongly encourage all PHP 7.1 users to upgrade to version 7.1.27, all PHP 7.2 users to upgrade to version 7.2.16, all PHP 7.3 users to upgrade to version 7.3.3 and all OpenSSL 1.0.2 users to upgrade to version 1.0.2r.

AFFECTED VERSIONS
All versions of PHP 7.1 through 7.1.26
All versions of PHP 7.2 through 7.2.15
All versions of PHP 7.3 through 7.3.2
All versions of OpenSSL 1.0.2 through 1.0.2q