The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SECURITY ADVISORY: Official Horde Update to 3.1.7 and upgrades to cPanel's PHP appli

Discussion in 'Security' started by ericgregory, Mar 10, 2008.

Thread Status:
Not open for further replies.
  1. ericgregory

    ericgregory Well-Known Member
    PartnerNOC

    Joined:
    Nov 27, 2002
    Messages:
    124
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Pennsylvania
    cPanel Access Level:
    DataCenter Provider
    SECURITY ADVISORY: Official Horde Update to 3.1.7 and upgrades to cPanel's PHP application security model available in cPanel builds 11.18.3 and 11.19.3.

    ----------------------

    Summary:
    The Horde webmail application framework has been updated to 3.1.7. Upgrades have been made in cPanel's PHP application security model.

    Description:
    The Horde webmail application framework has been updated to 3.1.7 for the official fix to the previously announced arbitrary file inclusion vulnerability. cPanel has also made upgrades in cPanel's PHP application security model for Horde, PHPMyAdmin, and PHPPGAdmin. These upgrades have been made to minimize or mitigate undiscovered vulnerabilities in these third-party applications while running within a cPanel installation.

    Fix Details:
    It is recommended that all cPanel servers running Horde be updated to either cPanel 11.18.3 or cPanel 11.19.3. If you do not wish to update cPanel, it is strongly recommended that you keep Horde disabled until these updates have been applied. You can disable horde on your cPanel system by unchecking WHM -> Server Configuration -> Tweak Settings -> Mail -> Horde Webmail, and saving with the new settings.

    You can check your current version of cPanel by executing:
    /usr/local/cpanel/cpanel -V

    Updates can be run via the following command executed from a root shell:
    /scripts/upcp

    Updates can be run through WHM as well. Login to WHM, then select cPanel -> Upgrade
    to Latest Version -> Click to Upgrade.

    References:
    http://lists.horde.org/archives/announce/2008/000382.html

    Credits:
    cPanel would also like to thank Jeff Petersen and Rob Brown for the additional security information provided with regards to this update.
     
Loading...
Thread Status:
Not open for further replies.

Share This Page