
cPanel Security Release 11.34.1.7

cPanel has published a new security release, 11.34.1.7, containing Rails and ProFTPd security fixes. We recommend that all affected customers on the CURRENT, RELEASE, and STABLE tiers update to 11.34.1.7 as soon as possible.

This release addresses two major vulnerabilities in Ruby on Rails (CVE-2012-5664 and CVE-2013-0156), which are resolved in Rails 2.3.15, and one in ProFTPd (CVE-2012-6095), which is resolved in ProFTPd 1.3.5rc1.

phpMyAdmin has also been upgraded from 3.5.3 to 3.5.5.

Please note that, for the Rails update, this release provides the new version but does not remove any previous versions. It is therefore of great importance for any customers using software that currently depends on Rails 2.3.14 to ensure that it uses 2.3.15 moving forward in order to avoid remaining vulnerable.

You may check which version(s) of the Rails and Action Pack gems you have installed using the gem list command.

Example:

# gem list | grep -e actionpack -e rails
actionpack (2.3.15)
rails (2.3.15)
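
Because the update leaves earlier gem versions in place, the check above can be extended to flag leftovers. The following is an added example, not part of the original announcement or cPanel's tooling: it lists any rails or actionpack version older than 2.3.15 that is still installed and reads the version an application pins. The function names are hypothetical, and the `RAILS_GEM_VERSION` line in `config/environment.rb` is assumed to follow the usual Rails 2.3 layout.

```shell
#!/bin/sh
# Added example, not cPanel tooling. Function names are hypothetical.
FIXED="2.3.15"   # fixed Rails version named in this release

# Read `gem list` output on stdin and print "gem version" for every installed
# rails/actionpack version lower than $FIXED (numeric compare of x.y.z only).
old_rails_gems() {
    awk -v fixed="$FIXED" '
    function older(a, b,    x, y, i) {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if ((x[i] + 0) < (y[i] + 0)) return 1
            if ((x[i] + 0) > (y[i] + 0)) return 0
        }
        return 0
    }
    $1 == "rails" || $1 == "actionpack" {
        list = $0
        sub(/^[^(]*\(/, "", list)      # drop "name ("
        sub(/\).*$/, "", list)         # drop ")"
        n = split(list, v, /, */)
        for (k = 1; k <= n; k++)
            if (older(v[k], fixed)) print $1, v[k]
    }'
}

# Print the version an application pins in config/environment.rb
# (assumed Rails 2.3 layout: RAILS_GEM_VERSION = '2.3.14' unless defined? ...).
pinned_rails_version() {
    sed -n "s/^[[:space:]]*RAILS_GEM_VERSION[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1"
}

# Constructed sample: `gem list` output on a host where 2.3.14 is still installed.
printf '%s\n' 'actionpack (2.3.15, 2.3.14)' 'rails (2.3.15, 2.3.14)' 'rake (0.9.2)' |
    old_rails_gems
# On a real host: gem list | old_rails_gems
```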