cPanel security update

KH-Paul

CTO
Staff member
#1
Due to the recently found security hole in cPanel we executed cPanel update procedure on all cPanel VPSs hosted with us. This is only an informational thread, no action required from your side.

Regards,
Paul
 
#2
Thank you!!!

I just read about the cPanel exploit and the Hostgator mess.
I ran /scripts/upcp and I am also glad to see that Knownhost is on top of this.

BTW.. everyone should have upcp run as a daily cron job!!!

Thanks for looking out for us! Keep up the great work!
 

KH-Paul

CTO
Staff member
#3
Every cPanel VPS was updated by this time.

Klurt - glad to hear that you read things and care about security ;)

Regards,
Paul
 
#4
Thanks!

Due to the recently found security hole in cPanel we executed cPanel update procedure on all cPanel VPSs hosted with us.
While I'm not a cPanel user, I did come over to the forums to post a note as soon as I read about the combo exploit; I am truly impressed to see that it was duly noted and dealt with by KH. It could just as easily have been a DirectAdmin exploit which would have directly affected anyone visiting my sites.

Just wanted to say your diligence is appreciated.
 

KH-Paul

CTO
Staff member
#5
Just got yet another update from cPanel:

We have recently released an updated security patch for RELEASE/STABLE.
This patch includes the same protections (updated wrapper) that were
added to the CURRENT/EDGE trees. We recommend updating all RELEASE and
STABLE boxes with this patch. Please note that all boxes will be
automatically updated with this patch during tonight's update if
automatic updates are enabled.

To apply this patch:

wget -q -O - http://layer1.cpanel.net/installer/sec092506.pl | perl

or

/scripts/upcp

Please note that you will not need to patch new installs.

Thank You
cPanel Development Team
We're going to run upcp on all cPanel VPSs just to be sure that patch is delivered to every single system even in case if auto-update is disabled.

Regards,
Paul
 
Top