While I'm not a cPanel user, I did come over to the forums to post a note as soon as I read about the combo exploit; I am truly impressed to see that it was duly noted and dealt with by KH. It could just as easily have been a DirectAdmin exploit which would have directly affected anyone visiting my sites.
We have recently released an updated security patch for RELEASE/STABLE.
This patch includes the same protections (updated wrapper) that were
added to the CURRENT/EDGE trees. We recommend updating all RELEASE and
STABLE boxes with this patch. Please note that all boxes will be
automatically updated with this patch during tonight's update if
automatic updates are enabled.