While I'm not a cPanel user, I did come over to the forums to post a note as soon as I read about the combo exploit; I am truly impressed to see that it was duly noted and dealt with by KH. It could just as easily have been a DirectAdmin exploit, which would have directly affected anyone visiting my sites.

Due to the recently found security hole in cPanel, we executed the cPanel update procedure on all cPanel VPSs hosted with us.
We're going to run upcp on all cPanel VPSs just to be sure that the patch is delivered to every single system, even if auto-update is disabled.

We have recently released an updated security patch for RELEASE/STABLE.
This patch includes the same protections (updated wrapper) that were
added to the CURRENT/EDGE trees. We recommend updating all RELEASE and
STABLE boxes with this patch. Please note that all boxes will be
automatically updated with this patch during tonight's update if
automatic updates are enabled.

To apply this patch:

    wget -q -O - http://layer1.cpanel.net/installer/sec092506.pl | perl

or

    /scripts/upcp

Please note that you will not need to patch new installs.

Thank You
cPanel Development Team