cPanel TSR-2017-0001 Full Disclosure

cPanel TSR-2017-0001 Full Disclosure SEC-196 Summary Fixed password used for Munin MySQL test account. Security Rating cPanel has assigned this vulnerability a CVSSv2 score of 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N) Description The Munin monitoring tool includes a plugin to check the status of the MySQL service. This plugin used a dedicated test MySQL user to provide this functionality…. Read more »

cPanel TSR-2017-0001 Announcement

cPanel TSR-2017-0001 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv2 scores ranging from 2.1 to 6.8…. Read more »

cPanel TSR-2016-0001 Announcement

cPanel TSR-2016-0001 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv2 scores ranging from 2.1 to 10.0…. Read more »

EasyApache 3.26.6 released to address multiple CVE security issues!

cPanel, Inc. has released EasyApache 3.26.6 with PHP versions 5.4.32 and 5.5.16. This release addresses vulnerabilities CVE-2014-3538, CVE-2014-3587, CVE-2014-2497, CVE-2014-5120, CVE-2014-3597, CVE-2014-4670 and CVE-2014-4698. We encourage all PHP 5.4 users to upgrade to PHP version 5.4.32 and all PHP 5.5 users to upgrade to PHP version 5.5.16.   AFFECTED VERSIONS All versions of PHP 5.4… Read more »

EasyApache 3.26.5 released to address libxml2 and php vulnerabilities

cPanel, Inc. has released EasyApache 3.26.5 with PHP version 5.3.29 and a patch to libxml2. This release addresses libxml2 vulnerability CVE-2014-0191 and PHP vulnerabilities CVE-2014-3981, CVE-2014-3515, CVE-2013-6712, CVE-2014-0207, CVE-2014-0238, CVE-2014-0237, and CVE-2014-4049 by fixing bugs in PHP’s core and PHP’s Network, Fileinfo and DateInterval modules. We encourage all PHP 5.3 users to upgrade to PHP… Read more »

EasyApache 3.26.4 released to address mod_perl vulnerabilities

cPanel, Inc. has released EasyApache 3.26.4 with mod_perl version 2.0.8. This release fixes bugs related to vulnerability CVE-2013-1667 in the mod_perl2 Apache test suite. AFFECTED VERSIONS All versions of Perl 5.8.2 through 5.16.x SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2013-1667 – HIGH mod_perl 2.0.8 Fixes… Read more »

EasyApache 3.24.22 Released to address PHP vulnerabilities

cPanel, Inc. has released EasyApache 3.24.22 with PHP 5.4.30 and 5.5.14. This release addresses multiple PHP vulnerabilities in the PHP core code and the Fileinfo, Network, and SPL modules. We encourage all PHP users to upgrade to PHP 5.4.30 and PHP 5.5.14.   AFFECTED VERSIONS All versions of PHP 5.4 before 5.4.30. All versions of… Read more »

EasyApache 3.24.19 released to address CVE-2014-0237 and CVE-2014-0238

cPanel, Inc. has released EasyApache 3.24.19 with PHP versions 5.5.13 and 5.4.29. This release addresses the PHP vulnerabilities CVE-2014-0237 and CVE-2014-0238 with fixes to bugs in the fileinfo extension. We encourage all PHP users to upgrade to PHP version 5.5.13 or PHP version 5.4.29.   AFFECTED VERSIONS All versions of PHP version 5.5 before 5.5.13…. Read more »

cPanel TSR-2014-0004 Security Announcement

TSR-2014-0004 cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact levels ranging from Minor to Important. Information… Read more »

Heartbleed OpenSSL Vulnerability (CVE-2014-0160)

On April 7, 2014 a vulnerability was discovered in OpenSSL that could allow attackers to view sensitive information stored in memory. Given the severity of this vulnerability we are encouraging all customers to take the necessary steps to verify their OpenSSL installations are patched and not vulnerable. Most Linux distributions these days come with a… Read more »