cPanel TSR-2014-0008 Full Disclosure

Case 114917

Summary

Resellers could delete feature lists they did not own.

Security Rating

cPanel has assigned a Security Level of Moderate to this vulnerability.

Description

The check for ownership of a feature list was not functioning properly and allowed a reseller with limited ACLs to delete feature lists that they did not own.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.46.0.15
11.44.1.22
11.42.1.29

Posted in News, Security

Microsoft® FrontPage® Blocking 11.46 Upgrades: Removal Required

For many cPanel & WHM customers, an existing installation of Microsoft® FrontPage® extensions on their Linux server(s) is blocking the ability to upgrade to cPanel & WHM software version 11.46. Microsoft® discontinued support for FrontPage® extensions on Linux servers in 2006.

Posted in News, Software Updates

EasyApache 3.26.1 Released

SUMMARY

cPanel, Inc. has released EasyApache 3.26.10 with PHP version 5.5.19 and PHP version 5.4.35. This release addresses vulnerabilities related to CVE-2014-3710 by fixing bugs in the Fileinfo module. We strongly encourage all PHP 5.5 users to upgrade to version 5.5.19 and all PHP v5.4 users to upgrade to version 5.4.35.

Posted in News, Software Updates

cPanel TSR-2014-0008 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

Posted in News, Security

11.46 Now in RELEASE Tier

cPanel, Inc. is thrilled to release cPanel & WHM software version 11.46, which is now available in the RELEASE tier.

cPanel & WHM 11.46 offers localization and support for 29 languages, Paper Lantern branding, ModSecurity tools, and more.

Posted in News, Press Releases, Release Announcements

11.40 Now EOL, 11.42 to EOL in 3 Months

cPanel & WHM software version 11.40 has now reached End of Life.

In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.40 will continue functioning on servers. The last release of cPanel & WHM 11.40, 11.40.1.22, will remain on our mirrors indefinitely. However, no further updates, such as security fixes and installations, will be provided for 11.40. Older releases of cPanel & WHM 11.40 will be removed from our mirrors.

Posted in News, Release Announcements

11.46 Now in CURRENT Tier

10/22/2014
Houston, TX -

cPanel, Inc. is thrilled to release cPanel & WHM software version 11.46, which is now available in the CURRENT tier.

cPanel & WHM 11.46 offers localization and support for 29 languages, Paper Lantern branding, ModSecurity tools, and more.

Posted in News, Press Releases, Release Announcements

11.40 EOL, 1 Month Notice

cPanel & WHM software version 11.40 will reach End of Life at the end of October 2014.

In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.40 will continue functioning on servers after reaching EOL. However, no further updates, such as security fixes and installations, will be provided for 11.40 once it reaches its EOL date.

Posted in News, Release Announcements

cPanel Security Team: Bash CVE-2014-6217 and CVE-2014-7169

Bash CVE-2014-6217 and CVE-2014-7169

CVE-2014-6217 is a critical vulnerability in all versions of GNU Bash, the Bourne Again Shell. This vulnerability allows an attacker to execute arbitrary shell commands any time a Bash shell executes with environment variables supplied by the attacker. On cPanel & WHM systems, there are numerous entry points where this vulnerability could be exploited. This blog post from Red Hat demonstrates how such attacks are possible: https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

CVE-2014-7169 is a second vulnerability in all versions of GNU Bash. This second CVE covers attack vectors that were not fixed in the initial updates for CVE-2014-6217. Targeting CVE-2014-7169 is more complicated for an attacker. The authors of GNU Bash are currently working on updates to address CVE-2014-7169. This article from Red Hat has additional details about this flaw: https://access.redhat.com/articles/1200223

Posted in News, Security

EasyApache to Install Apache 2.4 in Basic Profile – 60 Day Notice

In approximately 60 days, the Basic profile in EasyApache will build Apache 2.4 by default. This change will not alter existing EasyApache profiles that build Apache 2.2. If you plan to update from an existing Apache 2.2 installation to Apache 2.4, we strongly recommend that you build in a test environment before you migrate Apache versions on a production server.

Posted in News, Software Updates