Bash Security Update(s) Issued

We have been made aware of a serious security vulnerability in Bash that affects multiple operating systems and applications.


Exim – Math Comparison Functions Local Command Execution

Exim contains a flaw in the expansion of arguments to math comparison functions, which can result in the values being doubled.

The end result is that an attacker can perform a local command execution if they are able to perform a look-up using Exim against files that they can edit. In some cases, such as Exim being bundled with cPanel, the local command execution can actually lead to a root compromise as the Exim look-up is being done by the root user.


SimFS (VZ / OpenVZ) Exploit

Urgent Action Required

It looks like there is already a public exploit for the SimFS (VZ / OpenVZ) vulnerabilities that were disclosed today. The exploit allows a malicious user to obtain any file from another container, making this a very serious vulnerability. Updates should be applied as soon as possible.


source: hostingseclist

OpenSSL security updates issued

An update for OpenSSL was just released to address various security vulnerabilities, and it is recommended that you update as soon as possible.

More information can be found on this page.


source: hostingseclist

cPanel Security Updates Issued

TSR-2014-0004

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having security impact levels ranging from Minor to Important.

Information on cPanel’s security ratings is available at http://go.cpanel.net/securitylevels

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.
