cPanel TSR-2019-0002 Full Disclosure

[ad_1] Yesterday cPanel released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. Below is the full disclosure of the changes included in that update. Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels. If your deployed cPanel & WHM servers are configured[…]

TSR-2019-0002 Announcement

[ad_1] cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv3 scores ranging from 2.5 to 7.8. Information on[…]

EasyApache 4 Jan 30 Release

[ad_1] We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Slack, Discord, or Reddit to talk about this update and much more. This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures),[…]

cPanel TSR-2018-0006 Full Disclosure

[ad_1] cPanel TSR-2018-0006 Full Disclosure SEC-366 Summary PostgreSQL password changes performed in an insecure manner. Security Rating cPanel has assigned this vulnerability a CVSSv3 score of 4.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Description When using the WHM ‘Configure PostgreSQL’ interface to change the primary PostgreSQL password, it was possible for unauthorized users to log into PostgreSQL and change the[…]

cPanel TSR-2018-0006 Announcement

[ad_1] cPanel TSR-2018-0006 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv3 scores ranging from 4.7 to[…]

EasyApache 4 2018-11-07 Security Release

[ad_1] SUMMARYcPanel, L.L.C. has updated RPMs for EasyApache 4 with cURL version 7.62.0. This release addresses vulnerabilities related to CVE-2018-16839, CVE-2018-16840, and CVE-2018-16842. We strongly encourage all cURL users to update to version 7.62.0. AFFECTED VERSIONSAll versions of cURL through cURL 7.61.0 SECURITY RATINGThe National Vulnerability Database (NIST) has given the following severity ratings to[…]

EasyApache 2018-09-19 Security Release

[ad_1] SUMMARYcPanel, Inc. has updated RPMs for EasyApache 4 with PHP versions 5.6.38, 7.0.32, 7.1.22, and 7.2.10 and released EasyApache 3.36.8 with PHP version 5.6.38 on September 19, 2018. This release addresses vulnerabilities related to CVE-2018-17082. We strongly encourage all PHP 5.6 users to upgrade to versions 5.6.38, all PHP 7.0 users to upgrade to[…]

cPanel TSR-2018-0005 Full Disclosure

[ad_1] cPanel TSR-2018-0005 Full Disclosure SEC-409 Summary ClamAV daemon can be shut off by any local user. Security Rating cPanel has assigned this vulnerability a CVSSv3 score of 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Description The userspace socket file for the clamd daemon has open permissions for necessary communication with userspace scanning functionality in cPanel. However, this socket also[…]

cPanel TSR-2018-0005 Announcement

[ad_1] cPanel TSR-2018-0005 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv3 scores ranging from 3.3 to[…]