JAN
22

cPanel TSR-2019-0001 Full Disclosure

Yesterday we released new builds for versions 70, 76, and 78. These updates provided targeted changes to address security concerns with the cPanel & WHM product. Below is the full disclosure of the updates that were included in these builds.

SEC-415

Summary

Internal data disclosed to OpenID providers.

Security Rating

Continue reading

Copyright

© Cpanel

JAN
21

cPanel TSR-2019-0001 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv3 scores ranging from 2.2 to 6.5.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

Continue reading

Copyright

© Cpanel

JAN
16

EasyApache 4 Security Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARYcPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 5.6.40, 7.1.26, and 7.2.14. This release addresses vulnerabilities related to CVE-2016-10166, CVE-2018-19935, and several other vulnerabilities which have not yet been assigned a number. We strongly encourage all PHP 5.6 users to upgrade to version 5.6.40, all PHP 7.1 users to upgrade to version 7.1.26, and all PHP 7.2 users to upgrade to version 7.2.14.

AFFECTED VERSIONS All versions of PHP 5.6 through 5.6.39All versions of PHP 7.1 through 7.1.25All versions of PHP 7.2 through 7.2.13

SECURITY RATINGThe National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading

Copyright

© Cpanel

JAN
15

cPanel & WHM Version 78 now in CURRENT

We are happy to announce that cPanel, Inc. has released cPanel & WHM Version 78 to the CURRENT tier! This version is our 2019 LTS (Long Term Support) version and will be supported until March of 2020. Take a look at highlights on our release site, or check out the full release notes for v78. Then, join us on Slack, Discord, or Reddit to talk about all the exciting improvements.

Introducing Email Deliverability

When emails stop flowing, tracking down why can be incredibly difficult. This brand new interface in cPanel is specifically designed to help users stop those failures before they happen.

MultiPHP Manager Interface Improvements

System administrators now have more power at their fingertips with automatic PHP INI settings in the WHM interface as well as access the system PHP-FPM Pool Options in the new System PHP-FPM Configuration tab.

More Information

Check out the cPanel Release site to see an overview of the latest features and updates cPanel & WHM has to offer! All of the details about all cPanel & WHM Version 78 features can be found in the Release Notes.

To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the Product and Security updates mailing lists: cPanel Mailing List.

Original linkOriginal author: benny Vasquez

Copyright

© Cpanel

JAN
09

EasyApache 4 2019-1-9 Maintenance Release

SUMMARYcPanel, L.L.C. has updated RPMs for EasyApache 4 with Ruby version 2.4.5. This release addresses vulnerabilities related to CVE-2018-16396 and CVE-2018-16395. We strongly encourage all Ruby users to update to version 2.4.5.

AFFECTED VERSIONSAll versions of Ruby through Ruby 2.4.4

SECURITY RATINGThe National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2018-16395 – CRITICALRuby 2.4.5Fixed bug related to CVE-2018-16839

CVE-2018-16396 – HIGHRuby 2.4.5Fixed bug related to CVE-2018-16840

Continue reading

Copyright

© Cpanel

Advertisement