News

cPanel & WHM servers using the default cPanel PHP CGI configuration are not vulnerable to the command line switch vulnerability.

A recently disclosed flaw in PHP's CGI implementation allows malicious users to remotely view and execute source code. The flaw was documented by the Eindbazen team and is tracked as CVE-2012-1823.

cPanel & WHM servers are not affected by this, thanks in part to a wrapper script used by cPanel & WHM when Apache is configured to use CGI for the PHP handler. This wrapper script does not pass through any command line options.

Server administrators are encouraged to verify their PHP configuration.

When configured to use CGI or FCGI, cPanel & WHM instructs Apache to use one of the following wrapper scripts: /usr/local/cpanel/cgi-sys/php5 or /usr/local/cpanel/cgi-sys/php4. (The number after "php" is based on the current major version of PHP.) The unmodified version of the wrapper script looks like the following:

#!/bin/sh
# If you customize the contents of this wrapper script, place
# a copy at /var/cpanel/conf/apache/wrappers/php$php_version
# so that it will be reinstalled when Apache is updated or the
# PHP handler configuration is changed
exec $binary

The $binary placeholder will contain /usr/bin/php or /usr/php4/bin/php. By default, no command line parameters are included.
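To act on the advice above to verify the PHP configuration, the following added example (not cPanel's own code) audits a wrapper script for argument pass-through. It assumes the wrapper is a plain sh script like the one shown; the function names, status codes and sample wrappers are constructed for illustration.

```shell
#!/bin/sh
# Added example, not cPanel's code: audit a PHP CGI wrapper for argument pass-through.
# Status: 0 = binary is run with no arguments; 1 = extra tokens or positional
# parameters reach the binary; 2 = file unreadable or no exec line found.
audit_wrapper() {
    [ -r "$1" ] || { echo "SKIP   $1 (unreadable)"; return 2; }
    rc=0
    awk '
        BEGIN { found = 0; bad = 0 }
        { sub(/#.*/, "") }                # ignore comments and the shebang
        /\$[{]?[@*1-9]/ { bad = 1 }       # "$@", "$*", "$1", "${1}" anywhere in the script
        $1 == "exec" { found = 1; if (NF > 2) bad = 1 }   # tokens after the binary
        END { if (bad) exit 1; if (!found) exit 2 }
    ' "$1" || rc=$?
    case $rc in
        0) echo "OK     $1 (no arguments passed to PHP)" ;;
        1) echo "REVIEW $1 (arguments may reach the PHP binary)" ;;
        *) echo "SKIP   $1 (no exec line found)" ;;
    esac
    return $rc
}

# Constructed sample wrappers (not taken from a real server) covering both verdicts.
selftest() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\n# stock layout\nexec /usr/bin/php\n' > "$dir/stock"
    printf '#!/bin/sh\nexec /usr/bin/php "$@"\n' > "$dir/passthrough"
    s=0; audit_wrapper "$dir/stock" || s=$?
    p=0; audit_wrapper "$dir/passthrough" || p=$?
    rm -rf "$dir"
    [ "$s" -eq 0 ] && [ "$p" -eq 1 ]
}

# Usage: script [--selftest | wrapper ...]; defaults to the two paths named above.
[ "${1:-}" = --selftest ] && { selftest; exit; }
[ $# -gt 0 ] || set -- /usr/local/cpanel/cgi-sys/php5 /usr/local/cpanel/cgi-sys/php4
for w in "$@"; do audit_wrapper "$w" || true; done
```

A REVIEW verdict means the wrapper differs from the stock layout and should be compared against the customized copy under /var/cpanel/conf/apache/wrappers/.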

Read CVE-2012-1823

EasyApache 3.12 improves CloudLinux’s mod_hostinglimits, mod_mono compatibility on CentOS 4, and mod_ruid2 to suPHP support

We are excited to announce the release of EasyApache 3.12. The latest version provides numerous updates.

  • CloudLinux’s mod_hostinglimits has been updated to 0.9-5. This will impact all of those who use CloudLinux.
  • The issues caused by the glib2 update when building mod_mono on CentOS 4 have been resolved.
  • Switching from mod_ruid2+DSO to suPHP will no longer cause permission errors that stop PHP sites from functioning.
  • PHP will now use the system time zone database rather than the one built into PHP, which will ensure PHP applications receive timely updates to time zone changes.

We strongly recommend that all server administrators rebuild their EasyApache profile immediately.

To rebuild the EasyApache profile:

  1. Log in to WHM as the root user.
  2. Click on the EasyApache (Apache Update) link in the left menu.
  3. If you wish to keep the same configuration, simply click Build Profile.

Houston, TX — cPanel & WHM version 11.32, which was released today to the RELEASE tier, offers numerous updates, including enhancements to mail functionality and login screens. It also officially supports DKIM and includes the Logaholic web analytics application. This latest release features 202 bug fixes and case implementations since going to the EDGE tier on February 15, 2012.

Learn more about 11.32 updates and enhancements:

11.32 Microsite: go.cpanel.net/1132site

Release Notes: go.cpanel.net/1132rn

Change Log: go.cpanel.net/1132changes

EasyApache 3.11.2 includes improvements to FastCGI, along with numerous interface adjustments

The release of EasyApache 3.11.2 removes a previous patch that hindered FastCGI performance. This update also corrects a previous patch that resulted in problems with FcgidMaxRequestLen. Both FastCGI and FcgidMaxRequestLen now operate at expected performance levels.

The interface has also been updated to make the navigation and setup of EasyApache easier. These changes include:

  • Marking PHP 4 as End of Life.
  • Marking Frontpage as deprecated.
  • Providing a link to documentation when enabling mod_ruid2.

Frontpage has also been added as incompatible with mod_ruid2.

We strongly recommend that all server administrators rebuild their EasyApache profile immediately.

To rebuild the EasyApache profile:

  1. Log in to WHM as the root user.
  2. Click on the EasyApache (Apache Update) link in the left menu.
  3. If you wish to keep the same configuration, simply click Build Profile.

cPanel & WHM 11.30.6.6 provides major fixes for CentOS 4 as well as other minor fixes

The recent end of life of CentOS 4, declared by CentOS, caused issues when updating or installing packages from YUM. cPanel located the correct files at vault.centos.org and pointed the YUM repository to them. Updates were also made to the process by which YUM attempts to autorepair the package manager.

Changes have been made to the Modify an Account process. Issues that may occur when changing CGI settings and CGI access have been addressed.

The final issue addressed in 11.30.6.6 resolves a problem when enabling or disabling AWStats through WHM. 

We strongly recommend that all server admins update their cPanel & WHM servers immediately.

To update cPanel & WHM manually:

  1. Log into WHM as the root user. 
  2. Click on the WHM 11.30.X (build X) link on the top right corner of the screen.
  3. Click the button labeled Click to Upgrade.