cPanel TSR-2017-0003 Disclosure Delay
We are delaying the cPanel TSR-2017-0003 Disclosure for an additional 24 hours. The Disclosure will now be published May 17, 2017.
cPanel TSR-2017-0003 Announcement
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv3 scores …
WordPress Now on HackerOne
WordPress has grown a lot over the last thirteen years – it now powers more than 28% of the top ten million sites on the web. During this growth, each team has worked hard to continually improve their tools and processes. Today, the WordPress Security Team is happy to announce that WordPress is now officially […]
cPanel Security Team: Cgiemail (CVE-2017-5613)
In December 2016, the cPanel Security Team became aware of potential vulnerabilities in cPanel & WHM following an investigation of the hints provided in the Shadow Brokers / Equation Group leaks. During our investigation, we found several vulnerabilities in cgiecho and cgiemail, one of which could be leveraged for remote …
EasyApache 18 April 2017 Maintenance Release
SUMMARY: cPanel, Inc. has released updated RPMs for EasyApache 4 on April 18, 2017, with PHP versions 7.0.18 and 7.1.4. This release addresses vulnerabilities related to CVE-2017-7272. We strongly encourage all PHP 7.0 users to upgrade to version 7.0.18 and all PHP 7.1 users to upgrade to version 7.1.4. AFFECTED …
cPanel TSR-2017-0002 Full Disclosure
SEC-208. Summary: Addon domain conversion did not require a package for resellers. Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 2.7 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). Description: Previously, when you converted an addon domain to a normal account, it was not required that a reseller specify a …
Updates to TSR announcement and disclosure information
With the first TSR release of 2015 we began providing CVSSv2 scores in our full disclosure of resolved security issues in cPanel & WHM. The CVSSv2 scoring system is a free and open standard that attempts to rate the severity of security vulnerabilities (finalized in June 2007). In June 2015 …
WordPress 4.7.3 Security and Maintenance Release
WordPress 4.7.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.2 and earlier are affected by six security issues: Cross-site scripting (XSS) via media file metadata. Reported by Chris Andrè Dale, Yorick Koster, and Simon P. Briggs. Control characters can trick redirect […]
EasyApache 21 February 2017 Maintenance Release
SUMMARY: cPanel, Inc. has released EasyApache 3.34.12 with Apache version 2.2.32. This release addresses vulnerabilities related to CVE-2016-8743 and CVE-2016-5387. We strongly encourage all Apache 2.2 users to upgrade to version 2.2.32. AFFECTED VERSIONS: All versions of Apache 2.2 through version 2.2.31. SECURITY RATING: The National Vulnerability Database (NIST) has …