cPanel TSR-2014-0004 Announcement

TSR-2014-0004

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

Posted in News, Security

EasyApache 3.24.18 Released

SUMMARY
cPanel, Inc. has released EasyApache 3.24.18 with PHP versions 5.5.12 and 5.4.28. This release addresses the PHP vulnerability CVE-2014-0185 with the fix to a bug in the FPM package. We encourage all PHP users to upgrade to PHP version 5.5.12 or PHP version 5.4.28.

Posted in News, Software Updates

11.38 EOL Notice

cPanel & WHM software version 11.38 has reached End of Life.

In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.38 will continue functioning on servers. The last release of cPanel & WHM 11.38, 11.38.2.23, will remain on our mirrors indefinitely. You may continue using this last release, but no further updates, such as security fixes and installations, will be provided for 11.38. Older releases of cPanel & WHM 11.38 will be removed from our mirrors.

We strongly recommend that all customers migrate any existing installations of cPanel & WHM 11.38 to a newer version (either 11.40 or 11.42).

If your server setup complicates the process of migrating to a newer version of cPanel & WHM (for example, an out-of-date operating system), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.

Posted in News, Release Announcements

cPanel Conference ’14

Visit the cPanel Conference site to sign up to receive the latest updates about cPanel Conference ’14.

Posted in Events

Heartbleed Vulnerability Information

cPanel Security Team: Heartbleed Vulnerability

Heartbleed is a serious vulnerability in OpenSSL 1.0.1 through 1.0.1f.

This vulnerability allows an attacker to read 64 kilobyte chunks of memory from servers and clients that connect using SSL, through a flaw in OpenSSL’s implementation of the heartbeat extension.

Posted in News, Security

EasyApache 3.24.15 Released

SUMMARY
cPanel, Inc. has released EasyApache 3.24.15 with FCGI version 2.3.9 and PHP versions 5.5.10 and 5.4.27. This release addresses the FCGI vulnerability CVE-2013-4365 with fixes to a possible heap buffer overwrite issue, and the PHP vulnerability CVE-2013-7345 with fixes to bugs in the fileinfo module. We encourage all FCGI users to upgrade to FCGI version 2.3.9, and all PHP users to upgrade to PHP version 5.5.11 or PHP version 5.4.27.

Posted in News, Software Updates

End of the Road for FrontPage Installations: What to Expect

The end of Microsoft® FrontPage® Extensions installations on cPanel & WHM servers is quickly approaching. FrontPage support has already been removed in EasyApache version 3.24.1 and up, and cPanel & WHM will be FrontPage-free by version 11.46, which is currently slated for a Fall 2014 release.

cPanel & WHM version 11.44 (scheduled for a Summer 2014 release) will introduce an easy way to remove FrontPage, in preparation for our discontinued support. In WHM’s Uninstall FrontPage Extensions interface (Home >> FrontPage >> Uninstall FrontPage Extensions), an Uninstall FrontPage For All Users option will allow customers to remove FrontPage from all user accounts and their server simultaneously. After implementing this new option, related features will no longer be available, the server will ignore related settings and, most importantly, customers will not be able to reactivate FrontPage.

FrontPage support will be discontinued entirely in cPanel & WHM version 11.46. System administrators will not be able to upgrade servers to 11.46 until FrontPage has been removed.

Posted in News

EasyApache 3.24.14 Released

SUMMARY
cPanel, Inc. has released EasyApache 3.24.14 with Apache version 2.2.27. This release addresses Apache vulnerabilities CVE-2014-0098 and CVE-2013-6438, by fixing bugs in the mod_log_config and mod_dav modules. We encourage all Apache users to upgrade to Apache version 2.2.27.

Posted in News, Software Updates

cPanel TSR 2014-0003 Full Disclosure

Case 85329

Summary

Sensitive information disclosed via multiple log files.

Security Rating

cPanel has assigned a Security Level of Moderate to this vulnerability.

Description

Several log files on cPanel & WHM systems were created with default world-readable permissions. These log files include both sensitive internal data such as stack traces and less sensitive information about the existence of other accounts and domains on the system.

Credits

This issue was discovered by Rack911.

Solution

This issue is resolved in the following builds:
11.42.0.23
11.40.1.13
11.38.2.23

Posted in News, Security

11.38 EOL, 1 Month Notice

cPanel & WHM software version 11.38 will reach End of Life at the end of April 2014.

In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.38 will continue functioning on servers after reaching EOL. However, no further updates, such as security fixes and installations, will be provided for 11.38 once it reaches its EOL date.

We recommend that all customers migrate any existing installations of cPanel & WHM 11.38 to a newer version (either 11.40 or 11.42).

If your server setup complicates the process of migrating to a newer version of cPanel & WHM (an upgrade blocker list is available at http://go.cpanel.net/blockers), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.

Posted in News, Release Announcements