The cPanel security team has identified several security concerns in their control panel software. They have released patches to address all these security concerns with the cPanel and WHM product. This patch addresses 20 vulnerabilities in cPanel & WHM software versions 11.54, 11.52, 11.50, and 11.48.
For more details regarding this announcement, please check the following article :-
https://forums.cpanel.net/threads/cpanel-tsr-2016-0001-announcement.520741/
Whom does it affect?
We have made the necessary changes on all our shared hosting servers. If you have bought a VPS / Dedicated Server with cPanel addon added to it, then you need to read through the instructions mentioned below.
What do you need to know?
If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly recommend you to update your cPanel & WHM installations at your earliest convenience.
You need to update the cPanel to non-vulnerable versions :-
The following cPanel & WHM versions address all known vulnerabilities:
11.54.0.4 & Greater
11.52.2.4 & Greater
11.50.4.3 & Greater
11.48.5.2 & Greater
Note : You can find the cPanel version either from WHM front-end interface at the top or by running the command “/usr/local/cpanel/cpanel -V” via command line interface (through SSH).
How do you update the cPanel version?
-
WHM interface :- You can update the cPanel version from WHM panel through the following steps :-
-
Command line interface (CLI) :- You can update the cPanel version through CLI by accessing the server via SSH and running the following command :-
#/scripts/upcp --force
For more details regarding the cPanel upgrade, please check this link - https://documentation.cpanel.net/display/1142Docs/Upgrade+to+Latest+Version
If you have managed dedicated server and if there is any difficulty in upgrading the cPanel version, please open a ticket with the support team along with the dedicated server root user login credentials.
Incase you have any questions please reach out to the Support Team immediately.