cPanel Updates – November 2014

We have new updates from cpanel.

1) Notice: 11.40 Now EOL, 11.42 to EOL in 3 Months

cPanel & WHM software version 11.40 has now reached End of Life.
In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.40 will continue functioning on servers. 

The last release of cPanel & WHM 11.40, 11.40.1.22, will remain on our mirrors indefinitely. 

However, no further updates, such as security fixes and installations, will be provided for 11.40. Older releases of cPanel & WHM 11.40 will be removed from our mirrors.

cPanel & WHM 11.42 is set to reach End of Life at the end of January 2015.
We recommend that all customers migrate any existing installations of cPanel & WHM 11.42 to a newer version (either 11.44 or 11.46).

If your server setup complicates the process of migrating to a newer version of cPanel & WHM (an upgrade blocker list is available at http://go.cpanel.net/blockers) , then cPanel is here to help. 

Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.
About cPanel, Inc.

Since 1997, cPanel, Inc. has been a leading innovator and developer of control panel software for the web hosting industry.

 cPanel builds software that allows web host professionals to transform standalone servers into fully automated, point-and-click web hosting platforms. 

cPanel-licensed software allows server and website owners, along with resellers and developers, to optimize their technical resources and replace tedious shell-oriented tasks with dynamic, intuitive web-based interfaces. For more information, visit http://cpanel.net.

2) EasyApache 3.26.10 Released

SUMMARY

cPanel, Inc. has released EasyApache 3.26.10 with PHP version 5.5.19 and PHP version 5.4.35. 

This release addresses vulnerabilities related to CVE-2014-3710 by fixing bugs in the Fileinfo module.  We strongly encourage all PHP 5.5 users to upgrade to version 5.5.19 and all PHP v5.4 users to upgrade to version 5.4.35.

AFFECTED VERSIONS
All versions of PHP 5.4 through version 5.4.34.
All versions of PHP 5.5 through version 5.5.18.

SECURITY RATING

The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
CVE-2014-3710 – MEDIUM
PHP 5.4.35
Fixed bug in the Fileinfo module related to CVE-2014-3710
PHP 5.5.19
Fixed bug in the Fileinfo module related to CVE-2014-3710

SOLUTION

cPanel, Inc. has released EasyApache 3.26.10 with updated versions of PHP 5.5.19 and PHP 5.4.35. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest version of PHP.

REFERENCES

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3710
http://php.net/ChangeLog-5.php

3) Microsoft® FrontPage® Blocking 11.46 Upgrades:

Removal Required

For many cPanel & WHM customers, an existing installation of Microsoft® FrontPage® extensions on their Linux server(s) is blocking the ability to upgrade to cPanel & WHM software version 11.46. 

Microsoft® discontinued support for FrontPage® extensions on Linux servers in 2006.

Blockers are conditions that will not allow the cPanel & WHM update process (upcp) to install a particular version. For more information on upgrade blockers, visit Upgrade Blockers.

Please note that the FrontPage® RPM and the FrontPage® opt mod (mod_frontpage) in EasyApache are separate entities. The presence of mod_frontpage will not block upgrades to cPanel & WHM version 11.46.
IMPACT

If you do not remove existing installations of Microsoft® FrontPage® extensions on your Linux server(s), you will be unable to upgrade to cPanel & WHM 11.46.
AFFECTED VERSIONS
cPanel & WHM 11.46

SOLUTION

If you are having trouble upgrading to 11.46, please take the following steps to remove Microsoft® FrontPage® RPM from your Linux server(s).
INSTRUCTIONS

In WHM:
Navigate to Home >> FrontPage >> Uninstall FrontPage Extensions.
Select the account for which you would like to uninstall the extensions.

Click UnInstall.

Or

From the command line:

Run /scripts/unsetupfp4 –all as the root user.
​We strongly recommend that you rebuild EasyApache without FrontPage® before you attempt to upgrade.

For more information on the Microsoft® FrontPage® blocker for cPanel & WHM 11.46 and how to determine if your server is affected, visit 11.46 FrontPage® Update Blocker.

Source : InstaCarma

Comments

Post a Comment

Popular posts from this blog

DevOps Basics You Should Know Before Adopting Services

Before you consider   D evOps service   for your organization to embrace this new approach, it is critical for you to develop at least a basic understanding of what all it takes for the holistic implementation of devOps for your organization. Just like agile, the adoption of devOps also involves embracing a set of practices that result from an organizational attitude, philosophy and culture. This is the reason why adopting devOps can be a bit misleading since the organizations are likely to undertake a few of the devOps related activities according to their understanding of it, and thereby, start believing that they have implemented it successfully – regardless of whether these activities define devOps or not. By this, we mean to say that more than being just a set of activities, devOps is a cultural change that an organization needs to make, for embracing it wholeheartedly. So, exactly what all does the devOps culture comprise of? To get there, we need to understand what motivated
Read more

Poodle – SSL Security Threat Explored

Poodle  is a breed of dog with legs that resembles cotton candies. It is intelligent and a regular staple at dog shows. Even the most friendly dogs have the propensity to bite.  Now we see all kinds of security alerts and snafus likes heartbleed and shell shock!!! The latest in addition is POODLE. All of this started when a team in Google developed and tested an attack named POODLE  (Padding Oracle On Downgraded Legacy Encryption) which uncovered vulnerability in  Secure Sockets Layer (SSL) version 3 protocol or in short SSLv3. SSLv3 is an obsolete but still used encryption in both older and new web browsers.  (It is an 18-year-old protocol which was replaced by the TLS protocol) POODLE tries to force the connection between your web browser and the server to downgrade  to SSLv3.  The POODLE attack takes advantage of the protocol version negotiation feature built into SSL/TLS to force the use of SSL 3.0 and then uses this new vulnerability to decrypt sele
Read more