EasyApache 3.26.3 Released

cPanel, Inc. has released EasyApache 3.26.3 with PHP version 5.5.15, Libxslt version 1.1.28 and Libxml2 version 2.9.1. This release addresses PHP vulnerability CVE-2014-4670 by fixing a bug in the SPL component, CVE-2012-6139 by fixing a bug in Libxslt, and fixes bugs in Libxml2 to address the following CVEs: CVE-2012-5134, CVE-2013-0338, CVE-2013-0339, CVE-2013-1969, and CVE-2013-2877. We encourage all PHP 5.5 users to upgrade to PHP version 5.5.15, and all users to upgrade to Libxslt version 1.1.28 and Libxml2 version 2.9.1.

AFFECTED VERSIONS
All versions of PHP 5.5 before 5.5.15.
All versions of Libxslt before 1.1.28.
All versions of Libxml2 before 2.9.1.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-4670 – MEDIUM

PHP 5.5.15
Fixed a bug in the SPL component related to CVE-2014-4670.

CVE-2012-6139 – MEDIUM

Libxslt 1.1.28
Fixed a bug in the Libxslt library related to CVE-2012-6139.

CVE-2012-5134 – MEDIUM

Libxml2 2.9.1
Fixed an out of bound access bug in the Libxml2 library related to CVE-2012-5134.

CVE-2013-0338 – MEDIUM

Libxml2 2.9.1
Fixed a bug in the Libxml2 library related to CVE-2013-0338.

CVE-2013-0339 – MEDIUM

Libxml2 2.9.1
Fixed a bug in the Libxml2 library related to CVE-2013-0339.

CVE-2013-1969 – HIGH

Libxml2 2.9.1
Fixed buffer conversion bugs related to CVE-2013-1969.

CVE-2013-2877 – MEDIUM

Libxml2 2.9.1
Fixed a bug in the Libxml2 library related to CVE-2013-2877.

SOLUTION
cPanel, Inc. has released EasyApache 3.26.3 with updated versions of PHP 5.5, Libxslt and Libxml2 to correct these issues. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest versions of PHP, Libxslt and Libxml2.

REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4670
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6139
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5134
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0338
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0339
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1969
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2877
http://php.net/ChangeLog-5.php#5.5.15
http://xmlsoft.org/ChangeLog.html
http://xmlsoft.org/Libxslt/ChangeLog.html

Beware of These 4 Common and Dangerous Cyberattacks

Last week Google unveiled Project Zero, a new team dedicated to making Internet users less vulnerable to cyberattacks. From Heartbleed to Cryptolocker, the headlines are increasingly full of news about scary new threats that target the average Internet user.

“You know to delete that email that tells you you’ve won the lottery, so attackers have to change their approach over time,” Chris Weber, the co-founder of Casaba Security, told NBC News. “But really, these are new spins on old kinds of attacks.”

Here are four common and dangerous types of cyberattacks to watch out for — and how to avoid or fix them.

Ransomware

What it looks like: Ransomware falls under the large cyberattack umbrella of “malware” –- malicious software — and it’s a particularly scary brand. It locks up a victim’s computer files and demands payment in exchange for unlocking them.

Internet Danger: What Is Ransomware?

Victims of ransomware usually see a pop-up warning that overtakes the device’s screen, blocking access and encrypting files. The message demands the victim pay hundreds of dollars to unlock the files and regain access to the computer.

What to do: While it’s tempting to pay the ransom, security experts say that’s a bad idea: There’s no guarantee the crooks will actually free the files, and funding criminal activity only fuels it.

Ransomware victims can try to remove the malicious program themselves using anti-virus software, or take the infected device to a computer repair shop. If the ransomware can be removed, sometimes that’s all that’s needed: if the files weren’t actually encrypted, they would be accessible again. But if the files were indeed encrypted as threatened, removing the ransomware won’t change that.

“Unfortunately this is one of those cases when if your data has been encrypted, there’s just nothing you can really do,” Kevin Johnson, the CEO of cybersecurity consultancy Secure Ideas.

As with most malware, ransomware is often unwittingly downloaded when users open email attachments or click on links, so as always caution is advised.

Sketchy video sites that ask you to install a “codec” or update

What it is: Didn’t feel like paying to stream that new movie, eh? It can be tempting to watch it for “free” on a website that streams pirated video, but these disreputable sites are sometimes filled with potential cyberattacks.

In this type of attack, victims click what looks like a regular video player in an attempt to stream the content. But then a message pops up telling the user to install a “codec” or other kind of update in order to view the video. Victims who download the so-called update are actually installing malware on their own computers.

What to do: Be wary of any message that pushes you to download something in order to view a video. And it’s not only sketchy “free video” sites: spammy viral video clips that make their way around Facebook could also be malicious. (One of the exceptions is Netflix, which uses Microsoft Silverlight to stream video.)

“You really have very few reasons to have to install anything to watch content on the Internet,” Dave Aitel, the CEO of security firm Immunity Inc., told NBC News. “But people say, ‘I really want to watch that show, so I’ll click until the clip starts playing.'”

Malicious links in messaging apps and social networks

What it is: This threat is perhaps the most similar to attack methods that have been around a while. That old spam email that contains a malicious link or attachment isn’t dead; it has simply moved to networks where people are active, and where they think they can trust a network of friends.

“We know to be more careful about email, but getting infected now isn’t like it used to be,” Raj Samani, the chief technology officer for McAfee’s EMEA region, told NBC News. “It could be a link in a LinkedIn connection request that looks legitimate, or a Twitter direct message that is supposedly from a friend.”

On a mobile device,the malicious software could harvest contact information, secretly send calls and send texts to premium numbers and track a user’s location, for example.

What to do: Beyond the standard advice to avoid clicking on suspect links and files, Samani suggests mobile phone users install anti-virus programs that could catch the threats.

“Anti-virus is standard for most people on their desktop or laptop, but how many people do you know have it installed on mobile?” Samani said. His employer — McAfee — offers a free version of mobile anti-virus, as do companies such as Avast.



Fake Flappy Bird (and other popular apps)

What it is: The addictively simple (and temporarily pulled) mobile game Flappy Bird is lots of fun — but the hundreds of malicious clone apps lurking in app stores are quite the opposite.

“When an app gets even halfway popular — much less something as viral as Flappy Bird — app stores get so flooded that it’s hard to find the legitimate one,” Aitel said.

In Flappy Bird’s case, a report released last month from anti-virus company McAfee said hundreds of clones emerged in the first quarter of 2014 (after the legitimate app’s creator took it down). McAfee tested 300 of the clones and found that almost 80 percent of them contained malware.

Once downloaded, those malicious clones did very bad things with the victims’ phones, and in the worst cases, the malware gained full control of the infected device.

What to do: Carefully check before downloading an app from an app store: Check the creator’s name, the app’s description and the reviews among other information. Avoid giving any app sweeping permission to access parts of the phone, as tempting as it is to simply keep clicking “yes.” As with the previous threat, mobile anti-virus software can help mitigate or avoid the damage.

By Julianne Pepitone

EasyApache 3.26.2 Released

SUMMARY
cPanel, Inc. has released EasyApache 3.26.2 with Apache version 2.4.10. This release addresses Apache vulnerabilities CVE-2014-0117, CVE-2014-0226, CVE-2014-0118, and CVE-2014-0231 by fixing bugs in the mod_proxy, mod_deflate, and mod_cgid modules. We encourage all Apache 2.4 users to upgrade to Apache version 2.4.10.

AFFECTED VERSIONS
All versions of Apache 2.4 before 2.4.10.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-0117 – MEDIUM

Apache 2.4.10
Fixed bug in the mod_proxy module related to CVE-2014-0117.

CVE-2014-0226 – MEDIUM

Apache 2.4.10
Fixed a race condition related to CVE-2014-0226.

CVE-2014-0118 – MEDIUM

Apache 2.4.10
Fixed bug in the mod_deflate module related to CVE-2014-0118.

CVE-2014-0231 – MEDIUM

Apache 2.4.10
Fixed bug in the mod_cgid module related to CVE-2014-0231.

SOLUTION
cPanel, Inc. has released EasyApache 3.26.2 with an updated version of Apache 2.4 to correct these issues. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest version of Apache.

REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0117
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0226
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0118
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0231
https://www.apache.org/dist/httpd/CHANGES_2.4

Google Aims To Make The Internet Safer With Its New Security Team, Project Zero

(The Hosting News) – Google has created a new team of security researchers with the goal of making the Internet safer by reducing the number of people harmed during zero-day attacks.

The new security team, Project Zero, is a team of highly skilled, full-time researchers that works toward locating and reporting large numbers of security threats.

“You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications,” says Google “Researcher Herder” Chris Evans via blog post. “We think more can be done to tackle this problem.”

Evans notes that Project Zero isn’t restricted to finding vulnerabilities in only Google products. The team will work to discover bugs in other software that is widely used, paying attention to “techniques, targets and motivations of attackers.”

The information found will be stored in an external database where the vendors of the compromised software will be notified. Once a patch is made available, the team will release the information to the public, allowing users to discuss the vulnerability and see how long it took the vendor to patch the bug.

Google is currently looking for researchers for Project Zero, though they did not offer information on how to apply.

EasyApache 3.26 Released

We are happy to announce the release of EasyApache 3.26 for cPanel & WHM. EasyApache 3.26 features a redesigned profile page that is easier to use and more informative.

EasyApache’s redesigned profile page includes cPanel & WHM’s new Optimal Profiles. The new Optimal Profiles include the recommended versions of PHP and Apache, and the modules that ensure that your EasyApache build is more secure and reliable. The new Optimal Profiles are tailored to your operating system and include profiles that we designed for the CloudLinux operating system. “Our Optimal Profiles help ensure a higher level of safety for our customers,” said the cPanel EasyApache Team.

For the most secure environment, we recommend that you use EasyApache’s new MPM ITK Optimal Profile for CloudLinux. This profile utilizes EasyApache 3.26’s new Apache MPM ITK option. The Apache MPM ITK option is available for CentOS, but does not include the additional security that the CloudLinux operating system provides. For more information on CloudLinux, visit http://cloudlinux.com.
______________________________

EasyApache 3.24.22 Released

SUMMARY
cPanel, Inc. has released EasyApache 3.24.22 with PHP 5.4.30 and 5.5.14. This release addresses multiple PHP vulnerabilities in the PHP core code and the Fileinfo, Network, and SPL modules. We encourage all PHP users to upgrade to PHP 5.4.30 and PHP 5.5.14.

AFFECTED VERSIONS
All versions of PHP 5.4 before 5.4.30.
All versions of PHP 5.5 before 5.5.14.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-3981 – LOW

PHP 5.4.30 and PHP 5.5.14
Fixed bug in the PHP core code related to CVE-2014-3981.

CVE-2014-0207 – MEDIUM

PHP 5.4.30 and PHP 5.5.14
Fixed bug in the Fileinfo module related to CVE-2014-0207.

CVE-2014-3478 – MEDIUM

PHP 5.4.30 and PHP 5.5.14
Fixed bug in the Fileinfo module related to CVE-2014-3478.

CVE-2014-3479 – MEDIUM

PHP 5.4.30 and PHP 5.5.14
Fixed bug in the Fileinfo module related to CVE-2014-3479.

CVE-2014-3480 – MEDIUM

PHP 5.4.30 and PHP 5.5.14
Fixed bug in the Fileinfo module related to CVE-2014-3480.

CVE-2014-3487 – MEDIUM

PHP 5.4.30 and PHP 5.5.14
Fixed bug in the Fileinfo module related to CVE-2014-3487.

CVE-2014-4049 – MEDIUM

PHP 5.4.30 and PHP 5.5.14
Fixed bug in the Network module related to CVE-2014-4049.

CVE-2014-3515 – MEDIUM

PHP 5.4.30 and PHP 5.5.14
Fixed bug in the SPL module related to CVE-2014-3515.

SOLUTION
cPanel, Inc. has released EasyApache 3.24.22 with an updated version of PHP 5.4 and PHP 5.5 to correct this issue. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest version of PHP.

REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3981
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0207
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3478
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3479
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3480
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3487
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4049
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3515
http://www.php.net/ChangeLog-5.php#5.4.30
http://www.php.net/ChangeLog-5.php#5.5.14