cPanel has published security updates for all supported versions of cPanel & WHM. These updates contain fixes for a problem with the Roundcube webmail application. We recommend all customers update to the latest build of each version as soon as possible.
The cPanel Security Team has assigned a rating of Important to the vulnerability. Information on security ratings is available at http://go.cpanel.net/securitylevels. A locally authenticated user could take advantage of the flaw to gain access to sensitive information belonging to other accounts on the system. This problem was reported to us in case 64407.
If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then you are highly encouraged to update your cPanel & WHM installs at your earliest convenience.
Releases
The following versions of cPanel & WHM address all known vulnerabilities:
* 11.36.0.20
* 11.34.1.13
* 11.32.6.4
The latest public releases of cPanel & WHM for all update tiers are published at http://httpupdate.cpanel.net.