cPanel-Apache 2.4.9 / EA 3.24.13

SUMMARY
cPanel, Inc. has released EasyApache 3.24.13 with Apache version 2.4.9. This release addresses Apache vulnerabilities CVE-2014-0098 and CVE-2013-6438, by fixing bugs in the mod_log_config and mod_dav modules. We encourage all Apache users to upgrade to Apache version 2.4.9.

AFFECTED VERSIONS
All versions of Apache version 2.4 before 2.4.9.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-0098 – MEDIUM

Apache 2.4.9
Fixed bug in the mod_log_config module related to CVE-2014-0098.

CVE-2013-6438 – MEDIUM

Apache 2.4.9
Fixed bug in the mod_dav module related to CVE-2013-6438.

SOLUTION
cPanel, Inc. has released EasyApache 3.24.13 with updated version of Apache version 2.4 to correct these issues. Unless you have disabled EasyApache updates, EasyApache will include the latest version of Apache automatically. Run EasyApache to rebuild your profile with the latest version of Apache.

REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0098
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6438
http://httpd.apache.org/docs/trunk/new_features_2_4.html

cPanel 11.42 Now in STABLE Tier

cPanel, Inc. is thrilled to release cPanel & WHM software version 11.42, which is now available in the STABLE tier.
cPanel & WHM version 11.42 offers a brand new theme, an upgrade to Horde Groupware Webmail, and more.

Paper Lantern Theme
As part of 11.42, cPanel & WHM introduces Paper Lantern, a modern, powerful theme. With its simplified design, beautiful icon set, and thoughtful feature names, this edition of Paper Lantern is only the beginning.

Horde Groupware Webmail Upgrade
cPanel & WHM now uses Horde Groupware Webmail Edition 5.1. This upgrade provides a simple webmail application for all users, regardless of experience level.

Detailed information on all cPanel & WHM version 11.42 features can be found at https://documentation.cpanel.net .* An overview of the latest features and benefits is also available at http://releases.cpanel.net.

To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the “Security Advisories and Product Release Announcements” mailing list here: http://cpanel.net/mailing-lists.

*Please note the updated URL for cPanel & WHM Documentation.

cPanel 11.42 Expected in STABLE Tier

cPanel, Inc. tentatively plans to release cPanel & WHM software version 11.42 in the STABLE tier on March 17, 2014.

cPanel & WHM version 11.42 offers a brand new theme, an upgrade to Horde Groupware Webmail, and more.

Paper Lantern Theme
As part of 11.42, cPanel & WHM introduces Paper Lantern, a modern, powerful theme. With its simplified design, beautiful icon set, and thoughtful feature names, this edition of Paper Lantern is only the beginning.

Horde Groupware Webmail Upgrade
cPanel & WHM now uses Horde Groupware Webmail Edition 5.1. This upgrade provides a simple webmail application for all users, regardless of experience level.

Detailed information on all cPanel & WHM version 11.42 features can be found at https://documentation.cpanel.net. * An overview of the latest features and benefits is also available at http://releases.cpanel.net.

To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the “Security Advisories and Product Release Announcements” mailing list here: http://cpanel.net/mailing-lists.

*Please note the updated URL for cPanel & WHM Documentation.

EasyApache 3.24.12 Release Announcement

SUMMARY
cPanel, Inc. has released EasyApache 3.24.12 with PHP versions 5.5.10 and 5.4.26. This release addresses PHP vulnerabilities CVE-2014-1943, CVE-2014-2270, and CVE-2013-7327 by fixing bugs in the Fileinfo and GD modules. We encourage all PHP users to upgrade to PHP versions 5.5.10 and 5.4.26.

AFFECTED VERSIONS
All versions of PHP 5.4 before 5.4.26.
All versions of PHP 5.5 before 5.5.10.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-1943 – MEDIUM

PHP 5.4.26
Fixed bug in the Fileinfo module related to CVE-2014-1943.

PHP 5.5.10
Fixed bug in the Fileinfo module related to CVE-2014-1943.

CVE-2014-2270 – MEDIUM

PHP 5.4.26
Fixed bug in the Fileinfo module related to CVE-2014-2270.

PHP 5.5.10
Fixed bug in the Fileinfo module related to CVE-2014-2270.

CVE-2013-7327 – MEDIUM

PHP 5.5.10
Fixed bug in the GD module related to CVE-2013-7327.

SOLUTION
cPanel, Inc. has released EasyApache 3.24.12 with updated versions of PHP 5.4 and 5.5 to correct these issues. Unless you have disabled EasyApache updates, EasyApache will include the latest versions of PHP automatically. Run EasyApache to rebuild your profile with the latest version of PHP.

REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2270
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7327
http://www.php.net/ChangeLog-5.php#5.5.10
http://www.php.net/ChangeLog-5.php#5.4.26