-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TSR-2013-0012 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact levels of Important. Information on cPanel’s security ratings is available at http://go.cpanel.net/securitylevels. If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience. RELEASES The following cPanel & WHM versions address all known vulnerabilities: * 11.40.1.7 & Greater * 11.40.0.31 & Greater * 11.38.2.15 & Greater * 11.36.2.12 & Greater The latest public releases of cPanel & WHM for all update tiers are available at http://httpupdate.cpanel.net. SECURITY ISSUE INFORMATION During a routine code audit, an issue was discovered by the cPanel Product Security team. Later the same issue was reported by an external security researcher. Due to an unfortunate set of circumstances, the external researcher disclosed information about the issue on a public website. While cPanel does not believe the vulnerability is being actively exploited, we felt it to be in our customers best interest to publish an unscheduled security release. Once sufficient time has passed, allowing cPanel & WHM systems to automatically update to the new versions, cPanel will release additional information about the nature of the security issue. Additional information is scheduled for release on December 23, 2013. For information on cPanel & WHM Versions and the Release Process, read our documentation at: http://go.cpanel.net/versionformat -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBAgAGBQJStQvoAAoJEJUhvtyr2U3fPbkQAMBDwfbPOYs9pYKqLXDGJ8fH ja6Dx4Ntl10kUgCFwTnRcShpKDp8MaCAYwVZTfOgCvPXT7aB2t7awJmgkCQih2vp bZ/HDRcm2Y89wEHSaKYTqZqAlBGWyTsxsTeiBMyhF8aSDvNTgrtCzohxPZ/X7Xc3 8xTYcXF9FKwZjYc0O7nEhaYr9h5YVYa3iq8eXMr0dWrP0MYMzTCkY+iqmNb1ThuT tHww1wvD5/D24qnvbj3k5G1LtZgCLNf06vQz6Pxf5vKt7Dat80SVDxWYT0+2MLQQ oJR/taffhDV6HzkuhDqkiH4FtEUqP10BFlNnKVVNN6SzHIErRf68haX/bULGHleM 250nr4yMn2t3kU+9lZ40SOI3W7vK8HSfkGgj01Il1R/K96RoqAfvnPPeLKXL5ap4 5YAqOLXYlZHxF3ue6k4r25gUAlrMrif8uhSVrTVkN3S9D7Y/orfIy9qnTP9FrwS6 wPFtAZkAggkGlgrbOQDiYsxlzuPqYPHz5mOmYlXtCvZKAj8GoA8bxUf8LZoNlEaB nJRqTyb2VqfqRzP3/719bYKzLanLT0Z+KG4p74phbh/6nNzjKRCg82ISKu3sWvYh nv8deSc0XLIhUF33f5tIsvyUtmpdLbwcBxhPryFEPDBMeOoSiu7Fk0BGlpjrNoL4 4UJDrtPeV4KBqlgdVx6z =Po07 -----END PGP SIGNATURE-----