WHM/cPanel - Urgent Updates for 70, 76, and 78
Posted by Support Admin on 09 July 2020 12:59 PM

Update now to protect yourself and your users

 

In a post on the cPanel Blog last week, cPanel shared information regarding an exploit that had been identified in Exim. This exploit allows attackers to execute code as the root user on your server without authentication and was rated a 9.8 in severity. This exploit has now been weaponized and is being actively used to gain root-level access to vulnerable servers. Update today to ensure your server is not vulnerable.

cPanel & WHM Version 80 was never vulnerable to this exploit, and we released a patch for Version 78 the day it was provided by Exim last week. cPanel also backported the patch to the recently End of Life Version 70 and Version 76 after more details were released on Thursday, including details on exactly how to gain root access to a remote server. 

----------

The updated RPMs provided by cPanel should be at least 4.91-4 on versions 70 and 76 and at least 4.92 on versions 78 and above. Run the following command to see the current version of Exim:

rpm -q exim

The output should resemble the following:

Versions 70 and 76: exim-4.91-4.cp1170.x86_64

Version 78: exim-4.92-1.cp1178.x86_64

Version 80: exim-4.92-1.cp1180.x86_64

You can refer to this article in our documentation for help updating to the patched version.
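
The version check above can be scripted for use across several servers. The following is an added example, not code from cPanel or from the original post; the function name `exim_status` is hypothetical, and it assumes the `cp11NN` tag in the package name identifies cPanel & WHM version NN, as the sample output suggests.

```sh
#!/bin/sh
# Added example (not cPanel's code): classify an Exim RPM name from `rpm -q exim`
# against the minimums stated above: 4.91-4 on versions 70 and 76, 4.92 on 78+.
# Assumption: the "cp11NN" tag in the package name is the cPanel & WHM version NN.

exim_status() {
    # Expected shape: exim-<major>.<minor>-<release>.cp11<branch>.<arch>
    # Any patch level after <minor> is ignored; the thresholds do not need it.
    fields=$(printf '%s\n' "$1" | sed -n \
        's/^exim-\([0-9][0-9]*\)\.\([0-9][0-9]*\)[0-9.]*-\([0-9][0-9]*\)\.cp11\([0-9][0-9]*\)\..*$/\1 \2 \3 \4/p')
    if [ -z "$fields" ]; then
        echo unknown        # not installed, or not a cPanel-built package name
        return 0
    fi
    set -- $fields
    ver=$(( $1 * 1000 + $2 ))   # 4.91 -> 4091, 4.92 -> 4092
    release=$3
    branch=$4

    case $branch in
        70|76)
            if [ "$ver" -gt 4091 ] || { [ "$ver" -eq 4091 ] && [ "$release" -ge 4 ]; }; then
                echo patched
            else
                echo vulnerable
            fi ;;
        *)
            if [ "$branch" -lt 78 ]; then
                echo unknown    # the post gives no minimum for other old branches
            elif [ "$ver" -ge 4092 ]; then
                echo patched
            else
                echo vulnerable
            fi ;;
    esac
}

# The first three names are the sample outputs from the post; the last two are constructed.
for pkg in exim-4.91-4.cp1170.x86_64 exim-4.92-1.cp1178.x86_64 \
           exim-4.92-1.cp1180.x86_64 exim-4.91-3.cp1176.x86_64 \
           exim-4.91-4.cp1178.x86_64; do
    printf '%-32s %s\n' "$pkg" "$(exim_status "$pkg")"
done
```

On a server, call it as `exim_status "$(rpm -q exim)"`; an `unknown` result means the package name did not match the expected shape and should be checked by hand.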

----------

While Exim is open source software that we bundle with cPanel & WHM and is not built by cPanel, this vulnerability is something that we feel deserves our attention. This is an extremely rare and specific situation that has the potential to impact everyone who interacts with the internet in any way. For that reason, we have released an update to patch this vulnerability for both Version 70 and Version 76.

cPanel & WHM Versions 70 and 76 remain End of Life and will receive no other updates. This is a one-time bending of our policy, and we do not plan to pursue any other updates for these versions. We still strongly recommend that you keep your servers updated, and continue to run the most recent versions of cPanel & WHM available. 

The most current version today is Version 80. Some of the highlights of that version can be found below.

