Unscheduled TSR 8/10/21

cPanel Perl Encode.pm CVE-2021-36770

Background Information

On August 9th 2021, Perl announced a vulnerability in the Encode.pm perl module version 3.05.

Impact

According to Perl development: This bug replaces the contents of @INC with a predictable integer, which is treated as a directory relative to the current working directory, long enough to execute one "require". The vulnerability was introduced in Encode v3.05

Releases

Versions greater than or equal to the versions listed below include the updated Encode.pm perl module.

    11.94 - 11.94.0.15
    11.96 - 11.96.0.15
    11.98 - 11.98.0.4

How to determine if your server is up-to-date

For versions 94 and greater, the previously updated RPMs provided by cPanel will contain a changelog entry noting the applied fixes.

You can check for the changelog entry in versions 94 and 96 with the following command:

    rpm -q --changelog cpanel-perl-532-Encode | grep "Encode 3.12"

For version 98 you need the following command (note the lowercase 'encode'):

    rpm -q --changelog cpanel-perl-532-encode | grep "Encode 3.12"

The output for any version should resemble below:

    - Update patches: Encode 3.12
    - Update from upstream: Encode 3.12

What to do if you are not up-to-date

If your server is not running one of the above versions, update immediately.

To upgrade your server, navigate to WHM's Upgrade to Latest Version interface ( Home >> cPanel >> Upgrade to Latest Version ) and click "Click to Upgrade".

To upgrade cPanel from the command line, run the following commands:

    /scripts/upcp
    /scripts/check_cpanel_rpms --fix --long-list

For versions 94 and 96, verify the updated Perl RPM was installed:

    rpm -q --changelog cpanel-perl-532-Encode | grep "Encode 3.12"

For version 98 you need the following command (note the lowercase 'encode'):

    rpm -q --changelog cpanel-perl-532-encode | grep "Encode 3.12"

The output for any version should resemble below:

    - Update patches: Encode 3.12
    - Update from upstream: Encode 3.12

Additional Information

Credit: This bug was reported to perlsec on June 26 by Dom Hargreaves on behalf of Debian, passing on a report from Paul Wise.

CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36770
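
The changelog check above, wrapped so one command covers both package-name spellings and can be run across a fleet. This is an added example, not cPanel's own tooling; the function name, the status words and the RPM_CMD override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not part of the cPanel advisory).
# RPM_CMD is a hypothetical override so the check can be exercised
# on a host without rpm; by default the real rpm binary is used.
RPM_CMD="${RPM_CMD:-rpm}"

# The package name differs by release: capital "Encode" on 94 and 96,
# lowercase "encode" on 98.
ENCODE_PKGS="cpanel-perl-532-Encode cpanel-perl-532-encode"

# Prints one status line and returns:
#   0 = changelog contains "Encode 3.12" (fix applied)
#   1 = package installed but no "Encode 3.12" entry (update needed)
#   2 = neither package installed (cannot tell from RPM data)
check_encode_fix() {
    found_pkg=""
    for pkg in $ENCODE_PKGS; do
        # rpm -q exits non-zero when the package is not installed,
        # so its "is not installed" message is never searched.
        if changelog=$("$RPM_CMD" -q --changelog "$pkg" 2>/dev/null); then
            found_pkg=$pkg
            # -F: match the string literally, so "." is not a wildcard
            if printf '%s\n' "$changelog" | grep -q -F "Encode 3.12"; then
                echo "FIXED $pkg"
                return 0
            fi
        fi
    done
    if [ -n "$found_pkg" ]; then
        echo "UPDATE-NEEDED $found_pkg"
        return 1
    fi
    echo "UNKNOWN no cpanel-perl-532 Encode package installed"
    return 2
}

# Usage on a cPanel server, after sourcing this file:
#   check_encode_fix || echo "run /scripts/upcp"
```

A return value of 2 means the RPM database has neither package, so the result says nothing about the Encode.pm in use on that host.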