11.36 EOL, 1 Month Notice

cPanel & WHM software version 11.36 will reach End of Life at the end of January 2014.

In accordance with our EOL policy [http://docs.cpanel.net/twiki/bin/view/AllDocumentation/InstallationGuide/LongTermSupport], 11.36 will continue functioning on servers after reaching EOL. However, no further updates, such as security fixes and installations, will be provided for 11.36 once it reaches its EOL date.

We recommend that all customers migrate any existing installations of cPanel & WHM 11.36 to a newer version (either 11.38 or 11.40).

If your server setup complicates the process of migrating to a newer version of cPanel & WHM (for example, an out-of-date operating system), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.

About cPanel, Inc.
Since 1997, cPanel, Inc. has been a leading innovator and developer of control panel software for the web hosting industry. cPanel builds software that allows web host professionals to transform standalone servers into fully automated, point-and-click web hosting platforms. cPanel-licensed software allows server and website owners, along with resellers and developers, to optimize their technical resources and replace tedious shell-oriented tasks with dynamic, intuitive web-based interfaces. For more information, visit http://cpanel.net.

For the PGP-signed message, see 11.36 30 day notice-signed.

Posted in News, Release Announcements

TSR 2013-0012 Full Disclosure

Case 84681

Summary

Arbitrary file read for ACL limited reseller accounts via XML-API.

Security Rating

cPanel has assigned a Security Level of Important to this vulnerability.

Description

The WHM XML and JSON APIs allowed arbitrary files to be read through the “getpkginfo” API call. By sending a crafted input to this call, resellers with the “viewglobalpackages” ACL could read the contents of files accessible only to root.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:

11.40.1.7 & Greater
11.40.0.31 & Greater
11.38.2.15 & Greater
11.36.2.12 & Greater

Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at http://httpupdate.cpanel.net/

For the PGP-signed message, see TSR-2013-0012-FullDisclosure.

Posted in News, Security

TSR-2013-0012 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having security impact levels of Important.

Information on cPanel’s security ratings is available at http://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

The following cPanel & WHM versions address all known vulnerabilities:

* 11.40.1.7 & Greater
* 11.40.0.31 & Greater
* 11.38.2.15 & Greater
* 11.36.2.12 & Greater

The latest public releases of cPanel & WHM for all update tiers are available at http://httpupdate.cpanel.net.
SECURITY ISSUE INFORMATION

During a routine code audit, an issue was discovered by the cPanel Product Security team. Later the same issue was reported by an external security researcher. Due to an unfortunate set of circumstances, the external researcher disclosed information about the issue on a public website.

While cPanel does not believe the vulnerability is being actively exploited, we felt it to be in our customers' best interest to publish an unscheduled security release.

Once sufficient time has passed, allowing cPanel & WHM systems to automatically update to the new versions, cPanel will release additional information about the nature of the security issue.

Additional information is scheduled for release on December 23, 2013.

For information on cPanel & WHM Versions and the Release Process, read our documentation at: http://go.cpanel.net/versionformat

For the PGP-signed message, see TSA-2013-0012.

Posted in News, Security

TSR 2013-0011 Full Disclosure

Case 60890

Summary

A reseller with limited privileges is allowed to install SSL virtualhosts on arbitrary IPs.

Security Rating

cPanel has assigned a Security Level of Important to this vulnerability.

Description

A reseller account with ACL permission to install SSL certificates could install certificates and matching virtualhosts on IP addresses that belonged to accounts that did not belong to the reseller. This would allow a malicious reseller account to capture web traffic intended for other accounts on the system.

Credits

These issues were discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:

11.36.2.10 & Greater

The 11.38 and 11.40 releases of cPanel were not vulnerable to this issue due to unrelated changes in the SSL certificate management logic of cPanel & WHM.

Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at http://httpupdate.cpanel.net/

Posted in News, Security

EasyApache 3.22.25 Released

SUMMARY
cPanel, Inc. has released EasyApache 3.22.25 with PHP versions 5.3.28, 5.4.23, and 5.5.7. This release addresses PHP vulnerabilities CVE-2013-4073 and CVE-2013-6420 by fixing bugs in the OpenSSL module. We encourage all PHP users to upgrade to PHP versions 5.3.28, 5.4.23, and 5.5.7.

AFFECTED VERSIONS
All versions of PHP 5.3 before 5.3.28.
All versions of PHP 5.4 before 5.4.23.
All versions of PHP 5.5 before 5.5.7.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2013-4073 – MEDIUM
PHP 5.3.28
Fixed bug in the OpenSSL module related to CVE-2013-4073.

CVE-2013-6420 – MEDIUM

PHP 5.3.28
Fixed bug in the OpenSSL module related to CVE-2013-6420.

PHP 5.4.23
Fixed bug in the OpenSSL module related to CVE-2013-6420.

PHP 5.5.7
Fixed bug in the OpenSSL module related to CVE-2013-6420.

SOLUTION
cPanel, Inc. has released EasyApache 3.22.25 with updated versions of PHP 5.3, 5.4, and 5.5 to correct these issues. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest version of PHP.

REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4073
http://www.php.net/ChangeLog-5.php#5.3.28

For the PGP-signed message, see EA3-CVE-3-22-25-signed.

Posted in News, Software Updates

TSR-2013-0011 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having security impact levels ranging from Minor to Important.

Information on cPanel’s security ratings is available at http://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

The following cPanel & WHM versions address all known vulnerabilities:

* 11.40.1.3 & Greater
* 11.40.0.29 & Greater
* 11.38.2.13 & Greater
* 11.36.2.10 & Greater

The latest public releases of cPanel & WHM for all update tiers are available at http://httpupdate.cpanel.net.

SECURITY ISSUE INFORMATION

The cPanel security team and independent security researchers identified the resolved security issues. There is no reason to believe that these vulnerabilities have been made known to the public. As such, cPanel will only release limited information about the vulnerabilities at this time.

Once sufficient time has passed, allowing cPanel & WHM systems to automatically update to the new versions, cPanel will release additional information about the nature of the security issues. This Targeted Security Release addresses 22 vulnerabilities in cPanel & WHM software versions 11.40, 11.38, and 11.36.

Additional information is scheduled for release on December 18, 2013.

For information on cPanel & WHM Versions and the Release Process, read our documentation at: http://go.cpanel.net/versionformat

For the PGP-signed message, see TSA-2013-0011.

Posted in News, Security

11.36 EOL, 2 Month Notice

cPanel & WHM software version 11.36 will reach End of Life in January 2014.

In accordance with our EOL policy [http://docs.cpanel.net/twiki/bin/view/AllDocumentation/InstallationGuide/LongTermSupport], 11.36 will continue functioning on servers after reaching EOL. However, no further updates, such as security fixes and installations, will be provided for 11.36 once it reaches its EOL date.

We recommend that all customers start planning to migrate any existing installations of cPanel & WHM 11.36 to a newer version (either 11.38 or 11.40).

If your server setup complicates the process of migrating to a newer version of cPanel & WHM (for example, an out-of-date operating system), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.

For the PGP-signed message, see 11.36 60 day notice-signed.

Posted in News, Release Announcements

cPanel Security Bounty Program

Official cPanel Security Bounty Program

In order to show its appreciation for security researchers who follow responsible disclosure principles, cPanel, Inc. is offering a monetary reward program for researchers who provide assistance with identifying and correcting certain Qualifying Vulnerabilities within the scope of this program.

Posted in News, Security

11.40 Now in STABLE Tier

12/3/2013
Houston, TX -

cPanel, Inc. is thrilled to release cPanel & WHM software version 11.40, which is now available in the STABLE tier.

cPanel & WHM version 11.40 offers support for IPv6 and 1:1 NAT, an API Shell, and more.

IPv6 Support
cPanel & WHM is now IPv6-enabled with dual-stack support, allowing customers to add IPv6 or IPv4 to any account. This feature prepares our customers for future demand.

1:1 NAT Support
cPanel & WHM version 11.40 provides 1:1 NAT, giving customers the ability to support a broader range of hosting environments.

API Shell
In 11.40, cPanel & WHM includes an API Shell, enabling customers to run and troubleshoot API calls interactively through the cPanel & WHM user interfaces. This feature helps our customers better understand API calls.

Detailed information on all cPanel & WHM version 11.40 features can be found at http://docs.cpanel.net. An overview of the latest features and benefits is also available at http://releases.cpanel.net.

To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the “Security Advisories and Product Release Announcements” mailing list here: http://cpanel.net/mailing-lists.

Posted in News, Press Releases, Release Announcements

GoDaddy Offers cPanel & CloudLinux In Web Hosting Overhaul

SCOTTSDALE, Ariz. (Nov. 20, 2013) – GoDaddy, the world’s largest Web hosting provider, has revamped its Linux Web hosting lineup, with the addition of cPanel & WHM, the popular Web hosting management software. In addition, customers are also benefitting from a new Web hosting architecture that provides a fast and reliable experience and new Web hosting plans, which enable customers to find a solution that meets their specific needs.

“After studying the market and our customer needs, we went to work with cPanel and CloudLinux to create an optimized solution that provides a market-leading customer experience,” said GoDaddy Product Manager Web Hosting Ben Gabler. “GoDaddy is focused on bringing the best and most reliable services to our customers around the world.”

cPanel enables users to quickly and easily manage a number of potentially-complicated items on a Web hosting account, including managing MySQL databases, adding domain names, installing applications, tracking stats and setting up Cron jobs. For example, using automated installs powered by Installatron, customers can have a full-blown WordPress website in a matter of minutes, without coding or walking through a potentially complicated install process.

“When GoDaddy talked to us about adding cPanel to their main Linux Web hosting line, we admired their passion for helping customers and couldn’t wait to get started,” said cPanel Vice President of Operations Aaron Phillips. “The new team at GoDaddy is hyper focused on figuring out how to create the best possible customer experience, whether it’s for a Web pro or a small business owner. GoDaddy is willing to do whatever it takes to get this right, and we share their excitement to help grow the small business market.”

GoDaddy Linux Web hosting runs on CloudLinux and offers the flexibility and ease-of-use customers expect. Additionally, the Web hosting architecture has increased the usage of CPU and RAM in a low densification environment – giving users additional resources that cause pages to load faster and more consistently.

“GoDaddy’s scale for Linux Web hosting is unmatched in the industry and they have innovated based on customer needs to increase their speed and reliability,” said CloudLinux CEO Igor Seletskiy.

“GoDaddy is going global, in the coming months, we are providing hosting across 60 countries in 30 different languages,” said GoDaddy Senior Vice President and General Manager Hosting Jeff King. “cPanel is helping provide a universal experience while CloudLinux is providing a solid foundation. This isn’t the finish line … we’re just getting started.”

GoDaddy now serves more than 12 million paying customers worldwide and is the largest Web hosting and domain name registrar on the planet. GoDaddy leverages its award-winning talent and personalized approach to help small business owners create their digital identity, build websites and grow online.

To learn more about GoDaddy Web hosting with Linux, visit http://www.GoDaddy.com/Hosting.

To find out how GoDaddy can help grow your small business online, visit: www.GoDaddy.com.

Connect with GoDaddy on Facebook & Twitter.

Read why our customers recommend GoDaddy.

Contact
Nick Fuller, PR Director
480.505.8800 x4435
PR@GoDaddy.com or Google+

Posted in News, Press Releases