cPanel TSR 2014-0003 Full Disclosure

Case 85329

Summary

Sensitive information disclosed via multiple log files.

Security Rating

cPanel has assigned a Security Level of Moderate to this vulnerability.

Description

Several log files on cPanel & WHM systems were created with default world-readable permissions. These log files include both sensitive internal data such as stack traces and less sensitive information about the existence of other accounts and domains on the system.

Credits

This issue was discovered by Rack911.

Solution

This issue is resolved in the following builds:
11.42.0.23
11.40.1.13
11.38.2.23


11.38 EOL, 1 Month Notice

cPanel & WHM software version 11.38 will reach End of Life at the end of April 2014.

In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.38 will continue functioning on servers after reaching EOL. However, no further updates, such as security fixes and installations, will be provided for 11.38 once it reaches its EOL date.

We recommend that all customers migrate any existing installations of cPanel & WHM 11.38 to a newer version (either 11.40 or 11.42).

If your server setup complicates the process of migrating to a newer version of cPanel & WHM (an upgrade blocker list is available at http://go.cpanel.net/blockers), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.


cPanel TSR-2014-0003 Notice of Delay in Disclosure

Based on customer feedback, cPanel is extending the time frame between our initial announcement of a Targeted Security Release (TSR) and the disclosure of full details about the contents of the TSR to one week.

This change will apply to TSR-2014-0003 and all future cPanel TSRs.

Full details about the contents of TSR-2014-0003 will be released on 31 March 2014.

For the PGP-signed message, see: TSR-2014-0003-Delay.


cPanel TSR-2014-0003 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having security impact levels ranging from Minor to Critical.

Information on cPanel’s security ratings is available at http://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.


EasyApache 3.24.13 Released

SUMMARY
cPanel, Inc. has released EasyApache 3.24.13 with Apache version 2.4.9. This release addresses Apache vulnerabilities CVE-2014-0098 and CVE-2013-6438 by fixing bugs in the mod_log_config and mod_dav modules. We encourage all Apache users to upgrade to Apache version 2.4.9.


11.42 Now in STABLE Tier

3/17/2014
Houston, TX -

cPanel, Inc. is thrilled to release cPanel & WHM software version 11.42, which is now available in the STABLE tier.

cPanel & WHM version 11.42 offers a brand new theme, an upgrade to Horde Groupware Webmail, and more.

Paper Lantern Theme
As part of 11.42, cPanel & WHM introduces Paper Lantern, a modern, powerful theme. With its simplified design, beautiful icon set, and thoughtful feature names, this edition of Paper Lantern is only the beginning.

Horde Groupware Webmail Upgrade
cPanel & WHM now uses Horde Groupware Webmail Edition 5.1. This upgrade provides a simple webmail application for all users, regardless of experience level.

Detailed information on all cPanel & WHM version 11.42 features can be found at https://documentation.cpanel.net.* An overview of the latest features and benefits is also available at http://releases.cpanel.net.

To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the “Security Advisories and Product Release Announcements” mailing list here: http://cpanel.net/mailing-lists.

*Please note the updated URL for cPanel & WHM Documentation.


EasyApache 3.24.12 Released

SUMMARY
cPanel, Inc. has released EasyApache 3.24.12 with PHP versions 5.5.10 and 5.4.26. This release addresses PHP vulnerabilities CVE-2014-1943, CVE-2014-2270, and CVE-2013-7327 by fixing bugs in the Fileinfo and GD modules. We encourage all PHP users to upgrade to PHP versions 5.5.10 and 5.4.26.


EasyApache End of Life Warning Messages

Since the release of EasyApache 3.24.11, you may have noticed a variation of the following warning message when starting EasyApache:

Your server is currently on cPanel & WHM version 11.36.2.12. This version of cPanel & WHM has reached End of Life.

cPanel & WHM version 11.36.2.12 will continue to receive updates to EasyApache for 90 days after February 10, 2014. To receive EasyApache updates after May 11, 2014, you must update the cPanel & WHM version on this server.

For more information on how to upgrade cPanel & WHM, visit upgrade cPanel and WHM version.


11.42 Now in RELEASE Tier

3/3/2014
Houston, TX -

cPanel, Inc. is thrilled to release cPanel & WHM software version 11.42, which is now available in the RELEASE tier.

cPanel & WHM version 11.42 offers a brand new theme, an upgrade to Horde Groupware Webmail, and more.

Paper Lantern Theme
As part of 11.42, cPanel & WHM introduces Paper Lantern, a modern, powerful theme. With its simplified design, beautiful icon set, and thoughtful feature names, this edition of Paper Lantern is only the beginning.

Horde Groupware Webmail Upgrade
cPanel & WHM now uses Horde Groupware Webmail Edition 5.1. This upgrade provides a simple webmail application for all users, regardless of experience level.

Detailed information on all cPanel & WHM version 11.42 features can be found at https://documentation.cpanel.net.* An overview of the latest features and benefits is also available at http://releases.cpanel.net.

To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the “Security Advisories and Product Release Announcements” mailing list here: http://cpanel.net/mailing-lists.

*Please note the updated URL for cPanel & WHM Documentation.


11.38 EOL, 2 Month Notice

cPanel & WHM software version 11.38 will reach End of Life at the end of April 2014.

In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.38 will continue functioning on servers after reaching EOL. However, no further updates, such as security fixes and installations, will be provided for 11.38 once it reaches its EOL date.

We recommend that all customers migrate any existing installations of cPanel & WHM 11.38 to a newer version (either 11.40 or 11.42).

If your server setup complicates the process of migrating to a newer version of cPanel & WHM (an upgrade blocker list is available at http://go.cpanel.net/blockers), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.

About cPanel, Inc.
Since 1997, cPanel, Inc. has been a leading innovator and developer of control panel software for the web hosting industry. cPanel builds software that allows web host professionals to transform standalone servers into fully automated, point-and-click web hosting platforms. cPanel-licensed software allows server and website owners, along with resellers and developers, to optimize their technical resources and replace tedious shell-oriented tasks with dynamic, intuitive web-based interfaces. For more information, visit http://cpanel.net.

For the PGP-signed message, see 11.38 60 day notice-signed.
