AUG
10

EasyApache August 10 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache August 10 Release first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  12 Hits

Copyright

© Cpanel

12 Hits
AUG
03

EasyApache August 3 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache August 3 Release first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  18 Hits

Copyright

© Cpanel

18 Hits
JUL
27

EasyApache July 27 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache July 27 Release first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  17 Hits

Copyright

© Cpanel

17 Hits
JUL
20

EasyApache July 20 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache July 20 Release first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  33 Hits

Copyright

© Cpanel

33 Hits
JUL
18

cPanel® Version 106 now in CURRENT!

We are happy to announce that cPanel Version 106 has now been released to the CURRENT tier!  To fully explore all the changes in Version 106, as well as see detailed information about all cPanel & cPanel WebHost Manager versions, visit the release notes. More Information Our Release site also provides an …

The post cPanel® Version 106 now in CURRENT! first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  40 Hits

Copyright

© Cpanel

40 Hits
JUL
13

EasyApache July 13 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache July 13 Release first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  45 Hits

Copyright

© Cpanel

45 Hits
JUL
13

EasyApache July 13 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache July 13 Release first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  45 Hits

Copyright

© Cpanel

45 Hits
JUL
06

EasyApache July 6 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

ea-libzipEA-10807: Update ea-libzip from v1.9.0 to v1.9.2
ea-ruby27-rubygem-rackEA-10810: Update ea-ruby27-rubygem-rack from v2.2.3 to v2.2.4
ea-openssl11EA-10811: Update ea-openssl11 from v1.1.1p to v1.1.1qAES OCB fails to encrypt some bytes (CVE-2022-2097)

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with OpenSSL version 1.1.1q. This release addresses vulnerabilities related to CVE-2022-2097. We strongly encourage all OpenSSL users to update to version 1.1.1q.

AFFECTED VERSIONS
All versions of OpenSSL through 1.1.1p.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2022-2097 – MEDIUM
OpenSSL 1.1.1q
Fixed vulnerability related to CVE-2022-2097.

Continue reading
  52 Hits

Copyright

© Cpanel

52 Hits
JUN
29

EasyApache June 29 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

ea-nghttp2EA-10794: Update ea-nghttp2 from v1.47.0 to v1.48.0ea-nginxEA-10795: Update ea-nginx from v1.22.0 to v1.23.0ea-nginx-njsEA-10772: Update ea-nginx-njs from v0.7.4 to v0.7.5libcurlEA-10790: Update libcurl from v7.83.1 to v7.84.0CVE-2022-32208: FTP-KRB bad message verificationCVE-2022-32207: Unpreserved file permissionsCVE-2022-32206: HTTP compression denial of serviceCVE-2022-32205: Set-Cookie denial of service

SUMMARY
cPanel, L.L.C. has released updated packages for EasyApache 4 with libcurl version 7.84.0. This release addresses vulnerabilities related to CVE-2022-32208, CVE-2022-32207, CVE-2022-32206, and CVE-2022-32205. We strongly encourage all EA4 users to update to version 7.84.0 of libcurl.

AFFECTED VERSIONS
All versions of libcurl through 7.83.1.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2022-32208 – MEDIUM
libcurl 7.84.0
Fixed vulnerability related to FTP-KRB bad-message verification

Continue reading
  61 Hits

Copyright

© Cpanel

61 Hits
JUN
29

cPanel® Version 106 is now in EDGE!

We are happy to announce that cPanel Version 106 has now been released to the EDGE tier!  Warning: Due to the dynamic nature of EDGE builds, only use EDGE for testing in a controlled environment. We do not recommend this tier for production servers. This version has only received rudimentary testing. We publish this tier most often (up …

The post cPanel® Version 106 is now in EDGE! first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  55 Hits

Copyright

© Cpanel

55 Hits
JUN
22

EasyApache June 22 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

ea-libzipEA-10770: Update ea-libzip from v1.8.0 to v1.9.0ea-ruby27-rubygem-sqlite3EA-10771: Update ea-ruby27-rubygem-sqlite3 from v1.4.2 to v1.4.4ea-openssl11EA-10773: Update ea-openssl11 from v1.1.1o to v1.1.1pThe c_rehash script allows command injection (with fix for CVE-2022-2068)

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with OpenSSL version 1.1.1p. This release addresses vulnerabilities related to CVE-2022-2068. We strongly encourage all OpenSSL users to update to version 1.1.1p.

AFFECTED VERSIONS
All versions of OpenSSL through 1.1.1o.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  59 Hits

Copyright

© Cpanel

59 Hits
JUN
15

EasyApache June 15 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

ea-apache24EA-10756: Update ea-apache2 from v2.4.53 to v2.4.54CVE-2022-26377: mod_proxy_ajp: Possible request smugglingCVE-2022-28330: Read beyond bounds in mod_isapiCVE-2022-28614: Read beyond bounds via ap_rwrite()CVE-2022-28615: Read beyond bounds in ap_strcmp_match()CVE-2022-29404: Denial of service in mod_lua r:parsebodyCVE-2022-30522: mod_sed: Denial of serviceCVE-2022-30556: Information Disclosure in mod_lua with websocketsCVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanismea-nodejs16EA-10748: Update ea-nodejs16 from v16.15.0 to v16.15.1ea-tomcat85EA-10761: Update ea-tomcat85 from v8.5.79 to v8.5.81ea-php74ea-php74-metaEA-10757: Update ea-php74 from v7.4.29 to v7.4.30mysqlnd:Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)pgsql:Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625) ea-php80ea-php80-metaEA-10760: Update ea-php80 from v8.0.19 to v8.0.20mysqlnd:Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)pgsql:Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)ea-php81ea-php81-metaEA-10758: Update ea-php81 from v8.1.6 to v8.1.7mysqlnd:Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)pgsql:Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625) ea-podmanZC-9993: Add script for dev/QA/smold4r to be able to test against internal docker hubea-podman-repoZC-10010: enable powertools on Rocky 8ea-nginxZC-9940: Change worker_processes default back to 1ZC-9940: Have worker_shutdown_timeout default to 10 seconds

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with PHP versions 7.4.30, 8.0.20, and 8.1.7 and Apache version 2.4.54. This release addresses vulnerabilities related to CVE-2022-26377, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-31813, CVE-2022-31626, and CVE-2022-31625. We strongly encourage all PHP 7.4 users to update to version 7.4.30, all PHP 8.0 users to update to version 8.0.20, all PHP 8.1 users to update to version 8.1.7, and all Apache users to update to version 2.4.54.

AFFECTED VERSIONS
All versions of PHP 7.4 through 7.4.29.
All versions of PHP 8.0 through 8.0.19.
All versions of PHP 8.1 through 8.1.6.
All versions of Apache through 2.4.53.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2022-26377 – MEDIUM
Apache 2.4.54
Fixed vulnerability in the mod_proxy_ajp module related to CVE-2022-26377.

Continue reading
  78 Hits

Copyright

© Cpanel

78 Hits
JUN
09

cPanel® Version 104 now in RELEASE!

We are happy to announce that cPanel Version 104 has now been released to the RELEASE tier!  What’s new in Version 104? So much! Some of the features we’re most excited about include: Vastly improved mail experience, including auto-purge and smart spam handling. A new SQL config UI that automatically provides …

The post cPanel® Version 104 now in RELEASE! first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  79 Hits

Copyright

© Cpanel

79 Hits
JUN
01

cPanel TSR-2022-0002 Full Disclosure

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.
SEC-629

Summary

Respect the “no_create” parameter in BoxTrapper_getemaildirs.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Continue reading
  107 Hits

Copyright

© Cpanel

107 Hits
JUN
01

EasyApache June 1 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache June 1 Release first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  92 Hits

Copyright

© Cpanel

92 Hits
MAY
31

cPanel TSR-2022-0002 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated this update as having a CVSSv3.1 score of 2.2 to 8.0.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels .

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

Continue reading
  98 Hits

Copyright

© Cpanel

98 Hits
MAY
26

cPanel® Version 104 now in CURRENT!

We are happy to announce that cPanel Version 104 has now been released to the CURRENT tier!  To fully explore all the changes in Version 104, as well as see detailed information about all cPanel & cPanel WebHost Manager versions, visit the release notes. More Information Our Release site also provides an …

The post cPanel® Version 104 now in CURRENT! first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  98 Hits

Copyright

© Cpanel

98 Hits
MAY
18

EasyApache May 18 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on …

The post EasyApache May 18 Release first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  111 Hits

Copyright

© Cpanel

111 Hits
MAY
18

cPanel® Version 102 now in STABLE!

We are happy to announce that cPanel Version 102 has now been released to the STABLE tier!  To fully explore all the changes in Version 102, as well as see detailed information about all cPanel & cPanel WebHost Manager versions, visit the release notes. More Information Our Release site also provides …

The post cPanel® Version 102 now in STABLE! first appeared on cPanel Newsroom.
Original author: Rhoda Arnes
  119 Hits

Copyright

© Cpanel

119 Hits
MAY
11

EasyApache May 11 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

ea-openssl11

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with OpenSSL version 1.1.1o. This release addresses vulnerabilities related to CVE-2022-1473 and CVE-2022-1292. We strongly encourage all OpenSSL users to upgrade to version 1.1.1o.

AFFECTED VERSIONS
All versions of OpenSSL through 1.1.1n.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

Continue reading
  114 Hits

Copyright

© Cpanel

114 Hits
Advertisement