cPanel Apache Security Hole Alert Published: Jun 07, 2004

• Rating

  0/5

ecurity A Security hole has been discovered in the cPanel's suexec/mod_php handlers, hosts update Apache immediately!

From Cpanel News:

Cpanel Security Advisory
"Security A Security hole has been discovered in the cPanel's suexec/mod_php handlers.

To resolve the problem:
Update apache using easyapache, or the WHM's apache builder.
Once apache is updated, you should then update to cPanel 9.4.0 or later. (It is recommended that you update cPanel. The cPanel update is not required to resolve the security hole. Howver, it will provide a better security model to guard against future problems.)

* RELEASE and STABLE users should wait until Tuesday June 8th (or when this notice is removed) to upgrade cPanel.
Severity: HIGH"

Follow our tutorial on fixing the problem! Updating Apache using Cpanel EasyApache

WARNING BEFORE UPDATING:
We have updated our servers an now /cpanel and /webmail aliases were broken!
WHM 9.4.0 cPanel 9.4.0-C5  is was the CURRENT version. Support request has been sent to Cpanel to get this fixed... you may want to hold off on updating your Cpanel machine. This issue HAS BEEN FIXED with the latest EDGE build thanks to Cpanel for their speedy response.

Change Log - EDGE RELEASE:
9.4.0 (build 10) Mon Jun 7 23:17:20 2004
make /cpanel/, /whm/, /webmail work again after the apache update

We have confirmed this release works, fixing the alias issues, wohoo :)