WordPress has grown a lot over the last thirteen years – it now powers more than 28% of the top ten million sites on the web. During this growth, each team has worked hard to continually improve their tools and processes. Today, the WordPress Security Team is happy to announce that WordPress is now officially […]
WordPress Now on HackerOne Read More »
In December 2016, the cPanel Security Team became aware of potential vulnerabilities in cPanel & WHM following an investigation of the hints provided in the Shadow Brokers / Equation Group leaks. During our investigation, we found several vulnerabilities in cgiecho and cgiemail, one of which could be leveraged for remote …
cPanel Security Team: Cgiemail (CVE-2017-5613) Read More »
SUMMARY cPanel, Inc. has released updated RPMs for EasyApache 4 on April 18, 2017, with PHP versions 7.0.18 and 7.1.4. This release addresses vulnerabilities related to CVE-2017-7272. We strongly encourage all PHP 7.0 users to upgrade to version 7.0.18 and all PHP 7.1 users to upgrade to version 7.1.4. AFFECTED …
EasyApache 18 April 2017 Maintenance Release Read More »
SUMMARY cPanel, Inc. has released updated RPMs for EasyApache 4 on April 18, 2017, with PHP versions 7.0.18 and 7.1.4. This release addresses vulnerabilities related to CVE-2017-7272. We strongly encourage all PHP 7.0 users to upgrade to version 7.0.18 and all PHP 7.1 users to upgrade to version 7.1.4. AFFECTED …
EasyApache 18 April 2017 Maintenance Release Read More »
cPanel TSR-2017-0002 Full Disclosure SEC-208 Summary Addon domain conversion did not require a package for resellers. Security Rating cPanel has assigned this vulnerability a CVSSv3 score of 2.7 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L Description Previously, when you converted an addon domain to a normal account, it was not required that a reseller specify a …
cPanel TSR-2017-0002 Full Disclosure Read More »
With the first TSR release of 2015 we began providing CVSSv2 scores in our full disclosure of resolved security issues in cPanel & WHM. The CVSSv2 scoring system is a free and open standard that attempts to rate the severity of security vulnerabilities (finalized in June 2007). In June 2015 …
Updates to TSR announcement and disclosure information Read More »
WordPress 4.7.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.2 and earlier are affected by six security issues: Cross-site scripting (XSS) via media file metadata. Reported by Chris Andrè Dale, Yorick Koster, and Simon P. Briggs. Control characters can trick redirect […]
WordPress 4.7.3 Security and Maintenance Release Read More »
SUMMARY cPanel, Inc. has released EasyApache 3.34.12 with Apache version 2.2.32. This release addresses vulnerabilities related to CVE-2016-8743 and CVE-2016-5387. We strongly encourage all Apache 2.2 users to upgrade to version 2.2.32. AFFECTED VERSIONS All versions of Apache 2.2 through version 2.2.31 SECURITY RATING The National Vulnerability Database (NIST) has …
EasyApache 21 February 2017 Maintenance Release Read More »
WordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.1 and earlier are affected by three security issues: The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. […]
WordPress 4.7.2 Security Release Read More »
cPanel TSR-2017-0001 Full Disclosure SEC-196 Summary Fixed password used for Munin MySQL test account. Security Rating cPanel has assigned this vulnerability a CVSSv2 score of 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N) Description The Munin monitoring tool includes a plugin to check the status of the MySQL service. This plugin used a dedicated test MySQL …
TSR-2017-0001 Full Disclosure Read More »
