EasyApache End of Life Items to be Removed

1/30/2014
Houston, TX -

cPanel, Inc. tentatively plans to release EasyApache 3.24 in the very near future. This version will include the removal of Apache 1.3/2.0, PHP 5.2, and mod_frontpage. As mentioned in Introducing EasyApache’s Optimal Profiles, these End of Life items will no longer be available in EasyApache.

These items will be removed for the following reasons:

  • They are no longer supported by their respective developers.
  • They include known CVEs (Common Vulnerabilities and Exposures).
  • EasyApache provides the most up-to-date, supported versions of Apache (2.2/2.4) and PHP (5.4/5.5).

Keep in mind that viable alternatives to mod_frontpage exist, such as WebDAV and FTP. Also, PHP 5.2 and mod_frontpage will be available as custom modules (“opt mods”).

To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the “Security Advisories and Product Release Announcements” mailing list here: http://cpanel.net/mailing-lists

Posted in News, Software Updates

11.42 Now in CURRENT Tier

1/28/2014
Houston, TX -

cPanel, Inc. is thrilled to release cPanel & WHM software version 11.42, which is now available in the CURRENT tier.
cPanel & WHM version 11.42 offers a brand new theme, an upgrade to Horde Groupware Webmail, and more.

Paper Lantern Theme
As part of 11.42, cPanel & WHM introduces Paper Lantern, a modern, powerful theme. With its simplified design, beautiful icon set, and thoughtful feature names, this edition of Paper Lantern is only the beginning.

Horde Groupware Webmail Upgrade
cPanel & WHM now uses Horde Groupware Webmail Edition 5.1. This upgrade provides a simple webmail application for all users, regardless of experience level.

Detailed information on all cPanel & WHM version 11.42 features can be found at https://documentation.cpanel.net.* An overview of the latest features and benefits is also available at http://releases.cpanel.net.

To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the “Security Advisories and Product Release Announcements” mailing list here: http://cpanel.net/mailing-lists.

*Please note the updated URL for cPanel & WHM Documentation.

Posted in News, Press Releases, Release Announcements

Enkompass EOL Notice

Enkompass version 3.0 will reach End of Life in February 2014.

In accordance with our EOL policy [go.cpanel.net/eol], Enkompass will continue to function on servers after it reaches EOL. However, we will not provide further updates (for example, security fixes and installations) for Enkompass version 3.0 after it reaches its EOL date.

Support for Enkompass will no longer be available in the ticket system, but community support is still available on our forums [http://forums.cpanel.net/enkompass-discussions.html].

So long, and thanks for all the fish.
About cPanel, Inc.
Since 1997, cPanel, Inc. has been a leading innovator and developer of control panel software for the web hosting industry. cPanel builds software that allows web host professionals to transform standalone servers into fully automated, point-and-click web hosting platforms. cPanel-licensed software allows server and website owners, along with resellers and developers, to optimize their technical resources and replace tedious shell-oriented tasks with dynamic, intuitive web-based interfaces. For more information, visit http://cpanel.net.

For the PGP-signed message, see Enkompass-EOL.

Posted in News, Release Announcements

11.36 EOL, 1 Month Notice

cPanel & WHM software version 11.36 will reach End of Life at the end of January 2014.

In accordance with our EOL policy [http://docs.cpanel.net/twiki/bin/view/AllDocumentation/InstallationGuide/LongTermSupport], 11.36 will continue functioning on servers after reaching EOL. However, no further updates, such as security fixes and installations, will be provided for 11.36 once it reaches its EOL date.

We recommend that all customers migrate any existing installations of cPanel & WHM 11.36 to a newer version (either 11.38 or 11.40).

If your server setup complicates the process of migrating to a newer version of cPanel & WHM (for example, an out-of-date operating system), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.


For the PGP-signed message, see 11.36 30 day notice-signed.

Posted in News, Release Announcements

TSR 2013-0012 Full Disclosure

Case 84681

Summary

Arbitrary file read for ACL limited reseller accounts via XML-API.

Security Rating

cPanel has assigned a Security Level of Important to this vulnerability.

Description

The WHM XML and JSON APIs allowed arbitrary files to be read through the “getpkginfo” API call. By sending a crafted input to this call, resellers with the “viewglobalpackages” ACL could read the contents of files accessible only to root.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:

11.40.1.7 & Greater
11.40.0.31 & Greater
11.38.2.15 & Greater
11.36.2.12 & Greater

Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at http://httpupdate.cpanel.net/

For the PGP-signed message, see TSR-2013-0012-FullDisclosure.

Posted in News, Security

TSR-2013-0012 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having security impact levels of Important.

Information on cPanel’s security ratings is available at http://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

The following cPanel & WHM versions address all known vulnerabilities:

* 11.40.1.7 & Greater
* 11.40.0.31 & Greater
* 11.38.2.15 & Greater
* 11.36.2.12 & Greater

The latest public releases of cPanel & WHM for all update tiers are available at http://httpupdate.cpanel.net.
SECURITY ISSUE INFORMATION

During a routine code audit, an issue was discovered by the cPanel Product Security team. Later the same issue was reported by an external security researcher. Due to an unfortunate set of circumstances, the external researcher disclosed information about the issue on a public website.

While cPanel does not believe the vulnerability is being actively exploited, we felt it to be in our customers' best interest to publish an unscheduled security release.

Once sufficient time has passed, allowing cPanel & WHM systems to automatically update to the new versions, cPanel will release additional information about the nature of the security issue.

Additional information is scheduled for release on December 23, 2013.

For information on cPanel & WHM Versions and the Release Process, read our documentation at: http://go.cpanel.net/versionformat

For the PGP-signed message, see TSA-2013-0012.

Posted in News, Security

TSR 2013-0011 Full Disclosure

Case 60890

Summary

A reseller with limited privileges is allowed to install SSL virtualhosts on arbitrary IPs.

Security Rating

cPanel has assigned a Security Level of Important to this vulnerability.

Description

A reseller account with ACL permission to install SSL certificates could install certificates and matching virtualhosts on IP addresses that belonged to accounts that did not belong to the reseller. This would allow a malicious reseller account to capture web traffic intended for other accounts on the system.

Credits

These issues were discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:

11.36.2.10 & Greater

The 11.38 and 11.40 releases of cPanel were not vulnerable to this issue due to unrelated changes in the SSL certificate management logic of cPanel & WHM.

Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at http://httpupdate.cpanel.net/


Posted in News, Security

EasyApache 3.22.25 Released

SUMMARY
cPanel, Inc. has released EasyApache 3.22.25 with PHP versions 5.3.28, 5.4.23, and 5.5.7. This release addresses PHP vulnerabilities CVE-2013-4073 and CVE-2013-6420 by fixing bugs in the OpenSSL module. We encourage all PHP users to upgrade to PHP versions 5.3.28, 5.4.23, and 5.5.7.

AFFECTED VERSIONS
All versions of PHP 5.3 before 5.3.28.
All versions of PHP 5.4 before 5.4.23.
All versions of PHP 5.5 before 5.5.7.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2013-4073 – MEDIUM

PHP 5.3.28
Fixed bug in the OpenSSL module related to CVE-2013-4073.

CVE-2013-6420 – MEDIUM

PHP 5.3.28
Fixed bug in the OpenSSL module related to CVE-2013-6420.

PHP 5.4.23
Fixed bug in the OpenSSL module related to CVE-2013-6420.

PHP 5.5.7
Fixed bug in the OpenSSL module related to CVE-2013-6420.

SOLUTION
cPanel, Inc. has released EasyApache 3.22.25 with updated versions of PHP 5.3, 5.4, and 5.5 to correct these issues. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest version of PHP.

REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4073
http://www.php.net/ChangeLog-5.php#5.3.28

For the PGP-signed message, see EA3-CVE-3-22-25-signed.

Posted in News, Software Updates

TSR-2013-0011 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having security impact levels ranging from Minor to Important.

Information on cPanel’s security ratings is available at http://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

The following cPanel & WHM versions address all known vulnerabilities:

* 11.40.1.3 & Greater
* 11.40.0.29 & Greater
* 11.38.2.13 & Greater
* 11.36.2.10 & Greater

The latest public releases of cPanel & WHM for all update tiers are available at http://httpupdate.cpanel.net.
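
A fleet check against the fixed-build lists in this announcement and in the TSR-2013-0012 advisory above, as an added example that is not cPanel's code. It assumes each "& Greater" line is a minimum for its own branch (the first three version components) and that any branch newer than every listed one already carries the fix; the host names and inventory are constructed.

```python
# Added example. Fixed-build lists are copied from the advisories on this page.
FIXED_BUILDS = {
    "TSR-2013-0012": ["11.40.1.7", "11.40.0.31", "11.38.2.15", "11.36.2.12"],
    "TSR-2013-0011": ["11.40.1.3", "11.40.0.29", "11.38.2.13", "11.36.2.10"],
}

def parse_version(text):
    """Split a four-part version such as 11.40.1.7 into a tuple of ints."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError("expected a four-part numeric version, got %r" % text)
    return tuple(int(p) for p in parts)

def is_patched(installed, advisory):
    """True when the installed build meets the advisory's minimum for its branch."""
    version = parse_version(installed)
    branch, build = version[:3], version[3]
    # Map each listed branch (e.g. 11.40.1) to its first fixed build number.
    minimums = {}
    for fixed in FIXED_BUILDS[advisory]:
        parsed = parse_version(fixed)
        minimums[parsed[:3]] = parsed[3]
    if branch in minimums:
        # Compare inside the branch only: 11.40.1.3 sorts above 11.40.0.31
        # as a plain tuple, yet it predates the TSR-2013-0012 fix.
        return build >= minimums[branch]
    # Assumption: a branch newer than every listed branch shipped after the fix.
    # Any other unlisted branch is reported as needing an update.
    return branch > max(minimums)

def audit(inventory, advisory):
    """Return the sorted host names whose build does not satisfy the advisory."""
    return sorted(h for h, v in inventory.items() if not is_patched(v, advisory))

# Constructed inventory: host name -> installed cPanel & WHM version.
SAMPLE_INVENTORY = {
    "web01": "11.40.1.7",
    "web02": "11.40.1.3",
    "web03": "11.40.0.35",
    "web04": "11.38.2.13",
    "web05": "11.36.2.9",
    "web06": "11.42.0.5",
}

if __name__ == "__main__":
    for advisory in sorted(FIXED_BUILDS):
        print(advisory, "needs update:", audit(SAMPLE_INVENTORY, advisory))
```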

SECURITY ISSUE INFORMATION

The cPanel security team and independent security researchers identified the resolved security issues. There is no reason to believe that these vulnerabilities have been made known to the public. As such, cPanel will only release limited information about the vulnerabilities at this time.

Once sufficient time has passed, allowing cPanel & WHM systems to automatically update to the new versions, cPanel will release additional information about the nature of the security issues. This Targeted Security Release addresses 22 vulnerabilities in cPanel & WHM software versions 11.40, 11.38, and 11.36.

Additional information is scheduled for release on December 18, 2013.

For information on cPanel & WHM Versions and the Release Process, read our documentation at: http://go.cpanel.net/versionformat

For the PGP-signed message, see TSA-2013-0011.

Posted in News, Security

11.36 EOL, 2 Month Notice

cPanel & WHM software version 11.36 will reach End of Life in January 2014.

In accordance with our EOL policy [http://docs.cpanel.net/twiki/bin/view/AllDocumentation/InstallationGuide/LongTermSupport], 11.36 will continue functioning on servers after reaching EOL. However, no further updates, such as security fixes and installations, will be provided for 11.36 once it reaches its EOL date.

We recommend that all customers start planning to migrate any existing installations of cPanel & WHM 11.36 to a newer version (either 11.38 or 11.40).

If your server setup complicates the process of migrating to a newer version of cPanel & WHM (for example, an out-of-date operating system), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.


For the PGP-signed message, see 11.36 60 day notice-signed.

Posted in News, Release Announcements