Scroll Top

cPanel TSR-2015-0005 Announcement

September 22, 2015

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv2 scores ranging from 2.1 to 6.0.

Information on cPanel’s security ratings is available at http://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

The following cPanel & WHM versions address all known vulnerabilities:

  • 11.50.1.3 & Greater
  • 11.50.0.31 & Greater
  • 11.48.4.7 & Greater
  • 11.46.3.9 & Greater

The latest public releases of cPanel & WHM for all update tiers are available at http://httpupdate.cpanel.net.

Join Our Online Security and Hosting Newsletter Today

and stay updated with the latest news, updates, releases & much more.
Subscribe
SUBSCRIBE NOW
We respect your privacy.

Related Posts

cPanel security updates issued

An update for cPanel was just released and it is recommended that you update as soon as possible. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. Join Our Online…

22 Nov 2016
cPanel TSR-2017-0002 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv3 scores ranging from…

31 Mar 2017
cPanel removed from VPS and dedicated server offers

Due to the ongoing uncertainty surrounding the cPanel control panel product we are forced to announce that we have removed cPanel licensing as an option from our VPS and dedicated server offerings. Join Our Online Security and Hosting Newsletter Today and stay updated with the latest news, updates, releases…

01 Jul 2019
Authentication bypass bugs in 3 plugins make 400.000 websites vulnerable

Researchers have discovered authorization bypass bugs in three WordPress plugins, making a total of 400,000 WordPress websites vulnerable to cyber attacks. The affected plugins are InfiniteWP, WP Time Capsule and the WP Database Reset plugin. Join Our Online Security and Hosting Newsletter Today and stay updated with the latest…

23 Jan 2020
Linux Sudo patches address vulnerability

Security updates have been issued for several Linux distributions to address a flaw in Sudo. Sudo allows users to run programs with the security privileges of another user, by default the superuser. Users must, by default, supply their own password for authentication, rather than the password of the target…

02 Jun 2017
OpenSSL (RHEL) Security Update Issued

An update for OpenSSL on RHEL was just released to help address the Poodle OpenSSL security vulnerability and it is recommended that you update as soon as possible. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade…

17 Oct 2014
cPanel announces immediate price increases

cPanel have announced massive price increases that have seen hosting providers and users alike riling. Instead of paying per server, licensees will now have to pay per user account. This change is effective immediately and no options for grandfathering existing licenses have been provided. Join Our Online Security and…

28 Jun 2019
WordPress Sites Attacked Through Vulnerable Home Routers

Attackers are hijacking vulnerable home routers to launch attacks against WordPress sites. The attacks exploit two flaws in the TR-069 router management protocol to send malicious requests to port 7547. Experts have been advising home users to limit access to port 7547. Internet service providers (ISPs) could take steps…

16 Apr 2017
cPanel TSR-2019-0003 security update

  cPanel has released new builds for all public update tiers of the cPanel control panel. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. Join Our Online Security and…

20 May 2019
Critical Exim Security Vulnerability

A remote code execution vulnerability has been reported in Exim, with immediate public disclosure (we were given no private notice). A tentative patch exists but has not yet been confirmed. Exim is a widely used mail transfer agent used on Unix-like operating systems. Join Our Online Security and Hosting…

25 Nov 2017
Security updates for Adobe Acrobat and Reader

 Adobe’s first round of security updates for 2019 resolve two critical flaws for Adobe Acrobat and Reader for Windows and MacOS. These updates address critical vulnerabilities, CVE-2018-16011 and CVE-2018-19725. Join Our Online Security and Hosting Newsletter Today and stay updated with the latest news, updates, releases & much…

04 Jan 2019
Exploit discovered

Due to an exploit discovered in our billing and support system, our system was taken offline temporarily. This was done to ensure client data safety. The exploit was patched a short time afterwards, however we have decided to keep the billing portal temporarily offline until validity of this patch…

02 Oct 2013
libgcrypt vulnerability patched

Researchers from universities in Adelaide, Eindhoven, Chicago, Maryland and Pennsylvania have published a paper describing how they used a local side-channel attack to break the Libgcrypt encryption library. The exploit could be used to recover a RSA-1024 key. Join Our Online Security and Hosting Newsletter Today and stay updated…

07 Jul 2017
WordPress 4.3.1 Security and Maintenance Release

WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation. Join Our Online Security and Hosting Newsletter Today and stay…

15 Sep 2015
Bash / Shellshock Patches May Not be Enough to Protect Systems

Simply patching systems against the Bash/Shellshock vulnerability may not be adequate. Attacks exploiting the flaw appeared within a day of its disclosure. Those attacks may have made changes to systems that would not be remedied by the application of a patch. Join Our Online Security and Hosting Newsletter Today…

18 Oct 2014

Join Our Online Security and Hosting Newsletter Today

and stay updated with the latest news, updates, releases & much more.
Subscribe
SUBSCRIBE NOW
We respect your privacy.
close-link
Our website uses cookies from third party services to improve your browsing experience. Read more about this and how you can control cookies by clicking "Privacy Preferences".
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.
Privacy Policy
You have read and agreed to our privacy policy
Required
Privacy Policy Cookies Policy