cPanel TSR-2018-0006 Full Disclosure

[ad_1] cPanel TSR-2018-0006 Full Disclosure SEC-366 Summary PostgreSQL password changes performed in an insecure manner. Security Rating cPanel has assigned this vulnerability a CVSSv3 score of 4.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Description When using the WHM ‘Configure PostgreSQL’ interface to change the primary PostgreSQL password, it was possible for unauthorized users to log into PostgreSQL and change the[…]

cPanel TSR-2018-0006 Announcement

[ad_1] cPanel TSR-2018-0006 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv3 scores ranging from 4.7 to[…]

EasyApache 4 2018-11-07 Security Release

[ad_1] SUMMARYcPanel, L.L.C. has updated RPMs for EasyApache 4 with cURL version 7.62.0. This release addresses vulnerabilities related to CVE-2018-16839, CVE-2018-16840, and CVE-2018-16842. We strongly encourage all cURL users to update to version 7.62.0. AFFECTED VERSIONSAll versions of cURL through cURL 7.61.0 SECURITY RATINGThe National Vulnerability Database (NIST) has given the following severity ratings to[…]

EasyApache 2018-09-19 Security Release

[ad_1] SUMMARYcPanel, Inc. has updated RPMs for EasyApache 4 with PHP versions 5.6.38, 7.0.32, 7.1.22, and 7.2.10 and released EasyApache 3.36.8 with PHP version 5.6.38 on September 19, 2018. This release addresses vulnerabilities related to CVE-2018-17082. We strongly encourage all PHP 5.6 users to upgrade to versions 5.6.38, all PHP 7.0 users to upgrade to[…]

cPanel TSR-2018-0005 Full Disclosure

[ad_1] cPanel TSR-2018-0005 Full Disclosure SEC-409 Summary ClamAV daemon can be shut off by any local user. Security Rating cPanel has assigned this vulnerability a CVSSv3 score of 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Description The userspace socket file for the clamd daemon has open permissions for necessary communication with userspace scanning functionality in cPanel. However, this socket also[…]

cPanel TSR-2018-0005 Announcement

[ad_1] cPanel TSR-2018-0005 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv3 scores ranging from 3.3 to[…]

cPanel & WHM LTS Version 62 Now EOL

[ad_1] cPanel & WHM version 62 has reached End of Life and will no longer be supported by cPanel except when upgrading to a supported version. This was an extension of support, which can be read further about here: http://news.cpanel.com/support-for-cpanel-whm-version-62-extended-to-june-2018/ In accordance with our EOL policy (https://go.cpanel.net/longtermsupport), 62 will continue functioning on servers where it[…]