sparek-3

Well-Known Member
Aug 10, 2002
1,983
218
343
cPanel Access Level
Root Administrator
This should probably be posted in Bugzilla, but I wanted to make sure that this was an issue that affected CPanel first. Looks like there is a new bug in Apache, specifically in mod_rewrite:

http://secunia.com/advisories/21197

The recommended solution is to upgrade to Apache 1.3.37. It would appear that easyapache is at 1.3.36. I wasn't sure if this affected CPanel's Apache (I would think that it does) or exactly how serious this is.
 

speckados

Well-Known Member
One more time, Cpanel Team, don't work for security on Cpanel/WHM.

Expensive panel with several problems of security issues.

http://bugzilla.cpanel.net/show_bug.cgi?id=4433 has 48 hours.

Security Advisory more 3 days.

Exploit classified CRITICAL.

Please, Cpanel Team, more hard work on Security Issues.

:p

Advisory of Apache Foundation:
This issue has been rated as having important security impact by the Apache HTTP Server Security Team.
http://www.apache.org/dist/httpd/Announcement1.3.html
 

sparek-3

Just a note, I ran easyapache this morning on a test server and it appears that 1.3.37 is being compiled now. Someone else may want to verify this and make sure 1.3.37 is installing. I'm not aware of any official word from CPanel, so I might proceed with caution regarding the upgrade, but I did want to let everyone know that it appears 1.3.37 is available now.
 

sparek-3

As far as I know the Apache version is independent of your CPanel build. So it doesn't matter what CPanel tree you are using, easyapache will install the same version of Apache for each build. I may be wrong in that regard. At any rate, I'm using Release and 1.3.37 is in it.
 

gahelm

Active Member
Jun 21, 2003
37
0
156
Florida
I'm on the stable release tree and it will only compile 1.3.36. Any way to get 1.3.37 into the stable release tree?
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,221
4
193
Minneapolis, MN
gahelm said:
I'm on the stable release tree and it will only compile 1.3.36. Any way to get 1.3.37 into the stable release tree?
Just re-compiled Apache on one of our client's servers and I got:

Server version: Apache/1.3.37 (Unix)
Server built: Aug 3 2006 16:46:36
Server: cPanel [10.8.2-RELEASE_119]
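
A way to script the check done by hand in the post above, added here as an example and not part of any poster's message or of cPanel's tooling: it parses `httpd -v` output and compares the 1.3.x patch level numerically against 1.3.37, the fixed release named in this thread. The function names and the status words are assumptions, and the sample banners other than the 1.3.37 one are constructed.

```shell
#!/bin/sh
# Added example: classify an Apache "httpd -v" banner against 1.3.37,
# the release this thread names as the fix for the mod_rewrite issue.
# Only the 1.3.x branch is judged; other branches are reported as out-of-scope.

FIXED_PATCH=37   # patch level of 1.3.37, per the thread

# Read httpd -v output on stdin, print "major.minor.patch" (empty if absent).
apache_version() {
    sed -n 's|^Server version: Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' | head -n 1
}

# Print one of: patched, needs-upgrade, out-of-scope, unknown.
classify_version() {
    ver=$1
    case $ver in
        1.3.*) ;;                               # the branch discussed here
        "")    echo unknown; return 0 ;;        # no version line found
        *)     echo out-of-scope; return 0 ;;   # not a 1.3.x build
    esac
    patch=${ver##*.}
    case $patch in
        ''|*[!0-9]*) echo unknown; return 0 ;;  # refuse non-numeric patch levels
    esac
    # Numeric comparison: a string compare would rank 1.3.9 above 1.3.37.
    if [ "$patch" -ge "$FIXED_PATCH" ]; then
        echo patched
    else
        echo needs-upgrade
    fi
}

# Convenience wrapper: banner text in, status word out.
check_banner() {
    classify_version "$(printf '%s\n' "$1" | apache_version)"
}

# Constructed sample banners (only the 1.3.37 line matches the post above).
for banner in \
    "Server version: Apache/1.3.37 (Unix)" \
    "Server version: Apache/1.3.36 (Unix)" \
    "Server version: Apache/1.3.9 (Unix)"
do
    printf '%s -> %s\n' "$banner" "$(check_banner "$banner")"
done
```

On a live server, pipe the real output through `apache_version` and pass the result to `classify_version`. The result reflects only what the binary reports about itself, so a build carrying a backported patch would still show as `needs-upgrade`.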
 

MPCN_Russ1

Member
Jun 26, 2003
19
0
151
Hey all,

Does it cause any problems if you were to just manually configure any software like apache or php together manually rather than using cPanel? Will cPanel have any issues?

Thanks,
Russ
 

sparek-3

MPCN_Russ1 said:
Hey all,

Does it cause any problems if you were to just manually configure any software like apache or php together manually rather than using cPanel? Will cPanel have any issues?

Thanks,
Russ
I don't know about Apache, but I always compile PHP separately. This is mainly because I want to do more customization to my PHP installs.

One quick tidbit, if you run easyapache, you can unselect PHP so that it is not checked, then easyapache won't compile PHP. Your PHP will continue to work and easyapache will only compile Apache. This can greatly improve the amount of time spent upgrading Apache. One word of caution, if you are using phpSuExec, you must check that box in easyapache. You don't have to select PHP, but you do have to check the phpSuExec option. This is because the phpSuExec wrapper depends on some patches applied to Apache's source code, and selecting this option tells easyapache to apply those patches.

Hope this helps.
 

pixel_fenix

Member
Nov 23, 2003
6
0
151
I can't seem to get apache to compile with mod_ssl. Gives some hook error or something. Is anyone else experiencing this?
 

a66fm

Well-Known Member
Jul 12, 2003
78
0
156
Greece
pixel_fenix said:
I can't seem to get apache to compile with mod_ssl. Gives some hook error or something. Is anyone else experiencing this?
yes in my case it was missing the
Code:
<IfDefine SSL>
before the ssl virtual host
and the
Code:
</IfDefine>
after
 

IRCBrasil

Well-Known Member
Jul 22, 2004
93
0
156
Which version? 0.9.8b is exploitable too?

perfect-games said:
that's not the only bug i discovered bugs in openssl and can be exploited to gain root level access.

oh well

hope they fix it