cPanel TSR-2014-0003 Notice of Delay in Disclosure

Based on customer feedback, cPanel is extending the time frame between our initial announcement of a Targeted Security Release (TSR) and the disclosure of full details about the contents of the TSR to one week.

This change will apply to TSR-2014-0003 and all future cPanel TSRs.

Full details about the contents of TSR-2014-0003 will be released on 31 March 2014.

For the PGP-signed message, see: TSR-2014-0003-Delay.

Posted in News, Security

cPanel TSR-2014-0003 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having security impact levels ranging from Minor to Critical.

Information on cPanel’s security ratings is available at http://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

Posted in News, Security

EasyApache 3.24.13 Released

SUMMARY
cPanel, Inc. has released EasyApache 3.24.13 with Apache version 2.4.9. This release addresses Apache vulnerabilities CVE-2014-0098 and CVE-2013-6438, by fixing bugs in the mod_log_config and mod_dav modules. We encourage all Apache users to upgrade to Apache version 2.4.9.

Posted in News, Software Updates

11.42 Now in STABLE Tier

3/17/2014
Houston, TX -

cPanel, Inc. is thrilled to release cPanel & WHM software version 11.42, which is now available in the STABLE tier.

cPanel & WHM version 11.42 offers a brand new theme, an upgrade to Horde Groupware Webmail, and more.

Paper Lantern Theme
As part of 11.42, cPanel & WHM introduces Paper Lantern, a modern, powerful theme. With its simplified design, beautiful icon set, and thoughtful feature names, this edition of Paper Lantern is only the beginning.

Horde Groupware Webmail Upgrade
cPanel & WHM now uses Horde Groupware Webmail Edition 5.1. This upgrade provides a simple webmail application for all users, regardless of experience level.

Detailed information on all cPanel & WHM version 11.42 features can be found at https://documentation.cpanel.net.* An overview of the latest features and benefits is also available at http://releases.cpanel.net.

To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the “Security Advisories and Product Release Announcements” mailing list here: http://cpanel.net/mailing-lists.

*Please note the updated URL for cPanel & WHM Documentation.

Posted in News, Press Releases, Release Announcements

EasyApache 3.24.12 Released

SUMMARY
cPanel, Inc. has released EasyApache 3.24.12 with PHP versions 5.5.10 and 5.4.26. This release addresses PHP vulnerabilities CVE-2014-1943, CVE-2014-2270, and CVE-2013-7327 by fixing bugs in the Fileinfo and GD modules. We encourage all PHP users to upgrade to PHP versions 5.5.10 and 5.4.26.

Posted in News, Software Updates

EasyApache End of Life Warning Messages

Since the release of EasyApache 3.24.11, you may have noticed a variation of the following warning message when starting EasyApache:

Your server is currently on cPanel & WHM version 11.36.2.12. This version of cPanel & WHM has reached End of Life.

cPanel & WHM version 11.36.2.12 will continue to receive updates to EasyApache for 90 days after February 10, 2014. To receive EasyApache updates after May 11, 2014, you must update the cPanel & WHM version on this server.

For more information on how to upgrade cPanel & WHM, visit upgrade cPanel and WHM version.

Posted in News, Software Updates

11.42 Now in RELEASE Tier

3/3/2014
Houston, TX -

cPanel, Inc. is thrilled to release cPanel & WHM software version 11.42, which is now available in the RELEASE tier.

cPanel & WHM version 11.42 offers a brand new theme, an upgrade to Horde Groupware Webmail, and more.

Paper Lantern Theme
As part of 11.42, cPanel & WHM introduces Paper Lantern, a modern, powerful theme. With its simplified design, beautiful icon set, and thoughtful feature names, this edition of Paper Lantern is only the beginning.

Horde Groupware Webmail Upgrade
cPanel & WHM now uses Horde Groupware Webmail Edition 5.1. This upgrade provides a simple webmail application for all users, regardless of experience level.

Detailed information on all cPanel & WHM version 11.42 features can be found at https://documentation.cpanel.net.* An overview of the latest features and benefits is also available at http://releases.cpanel.net.

To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the “Security Advisories and Product Release Announcements” mailing list here: http://cpanel.net/mailing-lists.

*Please note the updated URL for cPanel & WHM Documentation.

Posted in News, Press Releases, Release Announcements

11.38 EOL, 2 Month Notice

cPanel & WHM software version 11.38 will reach End of Life at the end of April 2014.

In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.38 will continue functioning on servers after reaching EOL. However, no further updates, such as security fixes and installations, will be provided for 11.38 once it reaches its EOL date.

We recommend that all customers migrate any existing installations of cPanel & WHM 11.38 to a newer version (either 11.40 or 11.42).

If your server setup complicates the process of migrating to a newer version of cPanel & WHM (an upgrade blocker list is available at http://go.cpanel.net/blockers), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.

About cPanel, Inc.
Since 1997, cPanel, Inc. has been a leading innovator and developer of control panel software for the web hosting industry. cPanel builds software that allows web host professionals to transform standalone servers into fully automated, point-and-click web hosting platforms. cPanel-licensed software allows server and website owners, along with resellers and developers, to optimize their technical resources and replace tedious shell-oriented tasks with dynamic, intuitive web-based interfaces. For more information, visit http://cpanel.net.

For the PGP-signed message, see 11.38 60 day notice-signed.

Posted in News, Release Announcements

cPanel TSR 2014-0002 Full Disclosure

Case 89985

Summary

Disclosure of cpanel-horde’s MySQL password due to world-readable backups.

Security Rating

cPanel has assigned a Security Level of Important to this vulnerability.

Description

During the upgrade to Horde 5 on 11.42 systems, a backup tarball of the existing Horde configuration files is created. This backup tarball was created in a world-accessible directory with world-readable permissions, allowing local accounts to see the MySQL password for the shared cpanel-horde user.

Credits

This issue was discovered by Rack911.

Solution

This issue is resolved in the following builds:
11.42.0.6

For the PGP-signed message, see http://cpanel.net/wp-content/uploads/2014/02/TSR-2014-0002-Full-Disclosure.txt.
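The permission problem described in Case 89985, shown as an added example that is not cPanel's code: the same backup made with a default umask in a shared directory, then made privately, plus a check that finds exposed archives. The function names, the `horde-conf.tar.gz` file name, the directory layout and the placeholder password are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; paths and names are hypothetical, not cPanel's.

# Octal mode of a path (GNU stat, with a BSD stat fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Weak pattern: umask 022 yields a 0644 archive inside a 0755 directory,
# so any local account can read the credentials stored in it.
backup_weak() {    # $1 = config dir, $2 = backup dir
    ( umask 022; mkdir -p "$2" && tar -czf "$2/horde-conf.tar.gz" -C "$1" . )
}

# Hardened pattern: 0700 directory and 0600 archive. umask 077 covers the
# moment of creation; the chmod calls fix a pre-existing, looser directory.
backup_private() { # $1 = config dir, $2 = backup dir
    (
        umask 077
        mkdir -p "$2" && chmod 700 "$2" || exit 1
        tar -czf "$2/horde-conf.tar.gz" -C "$1" . || exit 1
        chmod 600 "$2/horde-conf.tar.gz"
    )
}

# Audit: archives under $1 whose mode grants read access to "other".
find_exposed_archives() { find "$1" -type f -name '*.tar.gz' -perm -004; }

# Demo on constructed data: placeholder password, temporary directory.
demo() {
    t=$(mktemp -d) && mkdir "$t/conf" || return 1
    echo "db_password = PLACEHOLDER" > "$t/conf/conf.php"
    backup_weak "$t/conf" "$t/shared"
    backup_private "$t/conf" "$t/private"
    echo "weak:    $(mode_of "$t/shared") $(mode_of "$t/shared/horde-conf.tar.gz")"
    echo "private: $(mode_of "$t/private") $(mode_of "$t/private/horde-conf.tar.gz")"
    echo "exposed: $(find_exposed_archives "$t")"
    rm -rf "$t"
}
demo
```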

Posted in News, Security

cPanel TSR-2014-0002 Announcement

cPanel has released a new build for the 11.42, CURRENT, and EDGE update tiers.

This update provides targeted changes to address security concerns with the 11.42 release of the cPanel & WHM product. This build is currently available to all customers via the standard update system.

cPanel has rated this update as having a security impact level of Important.

Information on cPanel’s security ratings is available at go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

The following cPanel & WHM versions address all known vulnerabilities:

* 11.42.0.6 & Greater

The latest public releases of cPanel & WHM for all update tiers are available at httpupdate.cpanel.net.

SECURITY ISSUE INFORMATION

Independent security researchers identified the security issue resolved in this update. There is no reason to believe that this vulnerability is known to the public. As such, cPanel will only release limited information about the vulnerability at this time.

Once sufficient time has passed, allowing cPanel & WHM systems to automatically update to the new version, cPanel will release additional information about the nature of this security issue.

Additional information is scheduled for release on February 14th, 2014.

For information on cPanel & WHM Versions and the Release Process, read our documentation at go.cpanel.net/versionformat.

For the PGP-signed message, please go to TSR-2014-0002 Announcement.

Posted in News, Security