IMPORTANT: 11.34 Security Release, cPanel & WHM

Important: cPanel & WHM 11.34 Security Release

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated this update as having important security impact. Information on security ratings is available at http://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then you are highly encouraged to update your cPanel & WHM installs at your earliest convenience.

Releases

Version 11.34.0.11 of cPanel & WHM addresses all known vulnerabilities. The latest public releases of cPanel & WHM for all update tiers are published at http://httpupdate.cpanel.net.

Security Issue Information

The resolved security issues were identified by various members of the development and quality assurance teams at cPanel. There is no reason to believe that these vulnerabilities are known to the public. As such, cPanel will only release limited information regarding the vulnerabilities.

Once sufficient time has passed to allow cPanel & WHM systems to automatically update their installed software to the new versions, cPanel will release additional information regarding the nature of the security issue. This Targeted Security Release addresses five vulnerabilities. Additional information is scheduled to be released December 6, 2012, via email.

For information regarding our Versions and Release Process, please see the link below.
http://docs.cpanel.net/twiki/bin/view/AllDocumentation/InstallationGuide/CpanelProductVersions

Posted in News, Security

IMPORTANT: 11.32 Security Release, cPanel & WHM

Important: cPanel & WHM 11.32 Security Release

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated this update as having important security impact. Information on security ratings is available at http://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then you are highly encouraged to update your cPanel & WHM installs at your earliest convenience.

Releases

Version 11.32.5.15 of cPanel & WHM addresses all known vulnerabilities. The latest public releases of cPanel & WHM for all update tiers are published at http://httpupdate.cpanel.net.

Security Issue Information

The resolved security issues were identified by various members of the development and quality assurance teams at cPanel. There is no reason to believe that these vulnerabilities are known to the public. As such, cPanel will only release limited information regarding the vulnerabilities.

Once sufficient time has passed to allow cPanel & WHM systems to automatically update their installed software to the new versions, cPanel will release additional information regarding the nature of the security issue. This Targeted Security Release addresses five vulnerabilities. Additional information is scheduled to be released December 6, 2012, via email.

For information regarding our Versions and Release Process, please see the link below.
http://docs.cpanel.net/twiki/bin/view/AllDocumentation/InstallationGuide/CpanelProductVersions

Posted in News, Security

IMPORTANT: 11.30 Security Release, cPanel & WHM

Important: cPanel & WHM 11.30 Security Release

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated this update as having important security impact. Information on security ratings is available at http://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then you are highly encouraged to update your cPanel & WHM installs at your earliest convenience.

Releases

Version 11.30.7.4 of cPanel & WHM addresses all known vulnerabilities. The latest public releases of cPanel & WHM for all update tiers are published at http://httpupdate.cpanel.net.

Security Issue Information

The resolved security issues were identified by various members of the development and quality assurance teams at cPanel. There is no reason to believe that these vulnerabilities are known to the public. As such, cPanel will only release limited information regarding the vulnerabilities.

Once sufficient time has passed to allow cPanel & WHM systems to automatically update their installed software to the new versions, cPanel will release additional information regarding the nature of the security issue. This Targeted Security Release addresses five vulnerabilities. Additional information is scheduled to be released December 6, 2012, via email.

For information regarding our Versions and Release Process, please see the link below.
http://docs.cpanel.net/twiki/bin/view/AllDocumentation/InstallationGuide/CpanelProductVersions

Posted in News, Security

cPanel & WHM 11.34 Officially Pushed to STABLE Tier

November 12, 2012

Houston, TX-

cPanel Inc. announced today the release of version 11.34 of cPanel & WHM software to the STABLE tier with many improvements and upgrades that you, our Partners and end users, had a voice in.

As highlighted in his Keynote speech at our 7th annual cPanel Conference, cPanel CEO, J. Nick Koston, outlined new features that include:

  • A brand new User Interface for WHM, which brings a slick new look and easier functionality, as demonstrated at the recent cPanel Conference.
  • Web Disk support has been updated for Windows Vista, 7 & 8, and Mountain Lion. In addition to the Web Disk support update, we will soon be releasing Android and iOS clients.
  • Email client auto configuration utilities have been updated to support the latest mail clients, as well as added support for Mountain Lion.
  • Email Archiving makes its appearance in 11.34, so email users now have the option to more efficiently track, store, and access email with our vastly improved email tracking, and message retrieval, to the Mail Delivery Reports functionality we recently delivered.
  • In addition, we overhauled the service monitoring system to provide better notifications, and improved the robustness of the automatic repair feature.
  • New Hooks Management interface built into WHM.
  • Feature Showcase page of WHM will alert you at login to any recent changes made by upgrading cPanel & WHM.

Upon updating or installing cPanel & WHM version 11.34, you will no longer be able to downgrade to a previous version.

For details regarding version 11.34 User Guide, Release Notes, Change Log and FAQs, please visit http://docs.cpanel.net.

About cPanel, Inc.

Since 1997, cPanel, Inc. has been a leading innovator and developer of control panel software for the web hosting industry. cPanel builds software that allows web host professionals to transform standalone servers into fully automated point-and-click web hosting platforms. cPanel licensed software allows owners of servers and websites, along with resellers and developers, to optimize their technical resources and replace tedious shell-oriented tasks with dynamic, intuitive web-based interfaces.
###

Posted in News, Press Releases, Release Announcements

11.34 Soon to go to STABLE

November 8, 2012

Houston, TX-
cPanel Inc. announced today that version 11.34 of cPanel & WHM software is scheduled to be released to the STABLE tier November 12th, 2012, with many improvements and upgrades that you, our Partners and end users, had a voice in.

As highlighted in his Keynote speech at our 7th annual cPanel Conference, cPanel CEO, J. Nick Koston, outlined new features that include:

Posted in Release Announcements

Exim Remote Code Execution Vulnerability Notification CVE-2012-5671

Summary

A remote code execution vulnerability exists in Exim versions between 4.70 and 4.80, inclusive. Exim is the mail transfer agent used by cPanel & WHM.

Security Rating

This vulnerability has been rated as Critical[1] by the cPanel Security team.

Description

A remote code execution flaw in Exim has been discovered by an internal audit performed by the Exim developers[2]. This vulnerability may lead to arbitrary code execution with the privileges of the user executing the Exim daemon. In some circumstances this may lead to privilege escalation.

The vulnerability is tied to the DKIM support introduced in Exim 4.70. It has been assigned CVE-2012-5671[3].

The following Exim RPMs, as distributed by cPanel, Inc. are known to be vulnerable:

  • exim-4.76-1
  • exim-4.77-0
  • exim-4.77-1
  • exim-4.80-0
  • exim-4.80-1

These RPMs were shipped as part of cPanel & WHM versions 11.32 and 11.34.

Solution

Servers that are using the default DKIM verification settings provided with cPanel & WHM 11.32 and newer are not vulnerable. The default settings disable DKIM key verification by adding the following to /etc/exim.conf:

   warn control = dkim_disable_verify

This prevents the exploitable code from being available during Exim execution.

To fully resolve the issue, cPanel has produced new Exim RPMs for cPanel & WHM versions 11.32 and 11.34. Server owners are strongly urged to update their cPanel & WHM installations to the following versions:

  • cPanel & WHM 11.32.5.13
  • cPanel & WHM 11.34.0.6

Exim RPMs are distributed through cPanel’s package management system. All cPanel & WHM servers receiving updates automatically will receive the updated Exim RPM during normal update and maintenance operations (upcp). Servers with automatic updates disabled will require action in order to receive the update. We recommend that all customers update to the latest releases of 11.32 and 11.34 as soon as possible.

Server owners who have disabled Exim updates, via the Update Preferences interface in WHM, are strongly urged to re-enable updates.

To perform a manual update of cPanel & WHM, do the following:

  1. Log in to your server as root using SSH.
  2. Execute the following command on the command line:
       /scripts/upcp

Updated cPanel & WHM 11.32 and 11.34 servers will have the following Exim RPM:

   exim-4.80-3
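
The checks the advisory describes can be scripted. The following is an added example, not cPanel's own tooling: it classifies an Exim package string against the RPM builds listed above and tests a config file for the `dkim_disable_verify` line. The function names are hypothetical, and it assumes the package string has the `name-version-release` form used in the advisory (optionally followed by a dotted suffix) and that the control appears on one line as shown.

```shell
#!/bin/sh
# Added example: triage helper for CVE-2012-5671 using only the values
# given in the advisory. Function names are hypothetical.

# RPM builds the advisory lists as vulnerable, and the fixed build.
VULNERABLE_RPMS="exim-4.76-1 exim-4.77-0 exim-4.77-1 exim-4.80-0 exim-4.80-1"
FIXED_RPM="exim-4.80-3"

# Print "vulnerable", "fixed" or "unlisted" for a name-version-release string.
# Assumption: a dotted suffix (for example an architecture) may follow it.
rpm_status() {
    nvr=$1
    for v in $VULNERABLE_RPMS; do
        case $nvr in
            "$v"|"$v".*) echo vulnerable; return 0 ;;
        esac
    done
    case $nvr in
        "$FIXED_RPM"|"$FIXED_RPM".*) echo fixed ;;
        *) echo unlisted ;;
    esac
}

# Succeed if the config has an active (uncommented) line of the form
# "warn control = dkim_disable_verify".
dkim_verify_disabled() {
    grep -Eq '^[[:space:]]*warn[[:space:]]+control[[:space:]]*=[[:space:]]*dkim_disable_verify([[:space:]]|$)' "$1"
}

# Combine both checks: $1 = package string, $2 = path to the Exim config.
assess() {
    status=$(rpm_status "$1")
    if [ "$status" != vulnerable ]; then
        echo "$status"
    elif dkim_verify_disabled "$2"; then
        echo vulnerable-rpm-mitigated
    else
        echo vulnerable-rpm-exposed
    fi
}

# Offline demonstration on a constructed config (not a real exim.conf).
sample=$(mktemp)
printf 'acl_check_example:\n  warn control = dkim_disable_verify\n' > "$sample"
for nvr in exim-4.77-1 exim-4.80-3; do
    printf '%s: %s\n' "$nvr" "$(assess "$nvr" "$sample")"
done
rm -f "$sample"
```

On a live server the inputs would come from `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}' exim` and `/etc/exim.conf`. A result of `vulnerable-rpm-mitigated` still calls for the update, since the advisory treats the new RPM as the full resolution.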

References

  1. http://docs.cpanel.net/twiki/bin/view/AllDocumentation/SecurityLevels
  2. https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html
  3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5671

Posted in Release Announcements, Security

cPanel & WHM 11.34, RELEASE Tier

10/26/12
For Immediate Release

Houston, TX-
cPanel Inc. announced today the release of version 11.34 of cPanel & WHM software to the RELEASE tier, effective Monday, October 29, 2012. Included are many improvements and upgrades that you, our Partners and end users, had a voice in.

As highlighted in his Keynote speech at last week’s 7th annual cPanel Conference, cPanel CEO, J. Nick Koston, outlined new features that include:

  • A brand new User Interface for WHM, which brings a slick new look and easier functionality, as demonstrated at the recent cPanel Conference.
  • Web Disk support has been updated for Windows Vista, 7 & 8, and Mountain Lion. In addition to the Web Disk support update, we will soon be releasing Android and iOS clients.
  • Email client auto configuration utilities have been updated to support the latest mail clients, as well as added support for Mountain Lion.
  • Email Archiving makes its appearance in 11.34, so email users now have the option to more efficiently track, store, and access email with our vastly improved email tracking, and message retrieval, to the Mail Delivery Reports functionality we recently delivered.
  • In addition, we overhauled the service monitoring system to provide better notifications, and improved the robustness of the automatic repair feature.
  • New Hooks Management interface built into WHM.
  • Feature Showcase page of WHM will alert you at login to any recent changes made by upgrading cPanel & WHM.

Upon updating or installing cPanel & WHM version 11.34 you will no longer be able to downgrade to a previous version.

For details regarding version 11.34 User Guide, Release Notes, Change Log and FAQs, please visit http://docs.cpanel.net.

Please pre-register for our upcoming webinar on version 11.34 at http://go.cpanel.net/1134webinar.

To update cPanel & WHM manually:

  1. Log into WHM as the root user.
  2. Click on the WHM 11.32.5 (build 11) link on the top right corner of the screen.
  3. Click the button labeled Click to Upgrade.

Posted in Press Releases, Release Announcements

Exim Update 10-26-12

At 3am CST, the Exim team released an update to correct CVE-2012-5671. An update to cPanel has been published to provide this update to our customers. Customers with Automatic Updates enabled will receive the update with no interaction needed. We recommend that all customers not using Automatic Updates update as soon as possible.

To manually update your cPanel & WHM installation, run the following command in a command line:

/scripts/upcp --force

For more information please see http://cpanel.net/exim-remote-co…-cve-2012-5671/

Posted in News

cPanel & WHM Version 11.34 Released to Current Tier

cPanel Inc. announced today the release of version 11.34 of cPanel & WHM software to the CURRENT tier with many improvements and upgrades that you, our Partners and end users, had a voice in.

As highlighted in his Keynote speech at last week’s 7th annual cPanel Conference, cPanel CEO, J. Nick Koston, outlined new features that include:

  • A brand new User Interface for WHM, which brings a slick new look and easier functionality, as demonstrated at the recent cPanel Conference.
  • Web Disk support has been updated for Windows Vista, 7 & 8, and Mountain Lion. In addition to the Web Disk support update, we will soon be releasing Android and iOS clients.
  • Email client auto configuration utilities have been updated to support the latest mail clients, as well as added support for Mountain Lion.
  • Email Archiving makes its appearance in 11.34, so email users now have the option to more efficiently track, store, and access email with our vastly improved email tracking, and message retrieval, to the Mail Delivery Reports functionality we recently delivered.
  • In addition, we overhauled the service monitoring system to provide better notifications, and improved the robustness of the automatic repair feature.
  • New Hooks Management interface built into WHM.
  • Feature Showcase page of WHM will alert you at login to any recent changes made by upgrading cPanel & WHM.

Upon updating or installing cPanel & WHM version 11.34 you will no longer be able to downgrade to a previous version.

For details regarding version 11.34 User Guide, Release Notes, Change Log and FAQs, please visit http://docs.cpanel.net.

Click here to pre-register for our upcoming webinar on version 11.34.

To update cPanel & WHM manually:

  1. Log into WHM as the root user.
  2. Click on the WHM 11.32.X (build X) link on the top right corner of the screen.
  3. Click the button labeled Click to Upgrade.

Posted in News, Release Announcements

cPanel VP of Operations, Aaron Phillips; Why We’re on Board with i2C

As the VP of cPanel Operations, I receive a huge number of cold calls, sales pitches, and emails. One discussion I recall vividly from years past was from a passionate young man on a mission to “Save Hosting”. By nature I am a skeptic, and quite honestly in the past 10 years, I have been asked to join, start, or participate in no less than 3 organizations focused on this same mission. In all prior attempts, organizations relied on guerrilla marketing or had aspirations that just ended up being unobtainable. Nonetheless, I enjoy a good cause and have always listened, provided feedback, and in some cases, went so far as to participate in the planning process.

At HostingCon 2012, I spent some time chatting with Christian Dawson about the new iteration of Save Hosting, now being dubbed The Internet Infrastructure Coalition. I didn’t let Christian off the hook with easy questions, rather I wanted to know some very specific execution items, like mission of the organization, current members, how they were going to raise money and more importantly how they were going to make a difference.

Posted in News