Introduction

On January 18th, 2016, cPanel announced a patch to address security concerns with cPanel and WHM (TSR-2016-0001).  This patch addresses 20 vulnerabilities in cPanel & WHM cloud hosting software versions 11.54, 11.52, 11.50, and 11.48.

cPanel has rated these updates as having CVSSv2 scores ranging from 2.1 to 10.0.  Security level definitions can be located here.

At this time, additional information regarding the security vulnerabilities has not been made available.  This information is currently set to be released on January 25th, 2016.  You can check the cPanel Announcement page here for updates.

So what does this mean?

cPanel is suggesting that all cPanel/WHM servers that are not set to automatically update perform manual updates to the policies.  This will fix the vulnerabilities before they become an issue.

The Fix for the cPanel TSR-2016-0001 Announcement

Start by logging into your WHM management page.  In the options on the left, almost all the way at the bottom, is a section named “cPanel”, and under that section is “Upgrade to Latest Version”.  Clicking that option takes you to a page that allows you to “Click to Upgrade.”


After clicking on the blue “Click to Upgrade” button, an installation window will appear and run.  This may take a few minutes, but be assured that the process is running.  Once this is completed, the completion bar will state 100%, and the text box will turn green.  This means all your cPanel accounts have been updated to the current version and are safe from the potential vulnerabilities.

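To check from a shell whether a server falls into the "not set to automatically update" group described above, the following added example (not cPanel's own tooling and not part of the original article) reads the installed version and the update setting. It assumes the stock locations `/usr/local/cpanel/version` and `/etc/cpupdate.conf` with an `UPDATES=` key; the function names and status strings are hypothetical, and a branch match only means the TSR names that branch, not that the build is unpatched.

```shell
#!/bin/sh
# Added example: decide whether the manual upgrade described above applies.
# Assumption: default cPanel paths; override via environment for testing.
VERSION_FILE=${VERSION_FILE:-/usr/local/cpanel/version}
UPDATE_CONF=${UPDATE_CONF:-/etc/cpupdate.conf}

# Branches named in TSR-2016-0001, as listed in this article.
TSR_BRANCHES="11.54 11.52 11.50 11.48"

# Print the UPDATES= value (daily, manual, never) or "unknown".
update_mode() {
    conf="$1"
    [ -r "$conf" ] || { echo "unknown"; return 0; }
    mode=$(sed -n 's/^UPDATES=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$conf" | tail -n 1)
    echo "${mode:-unknown}" | tr 'A-Z' 'a-z'
}

# Reduce a full version such as 11.52.2.4 to its branch, 11.52.
branch_of() {
    echo "$1" | cut -d. -f1,2
}

# Echo one of: not-listed | auto-update | manual-upgrade-needed
tsr_status() {
    version="$1"
    conf="$2"
    branch=$(branch_of "$version")
    listed=no
    for b in $TSR_BRANCHES; do
        if [ "$b" = "$branch" ]; then listed=yes; fi
    done
    if [ "$listed" = no ]; then echo "not-listed"; return 0; fi
    # Only "daily" picks the patch up unattended; manual, never, or an
    # unreadable config all mean an administrator has to run the upgrade.
    case "$(update_mode "$conf")" in
        daily) echo "auto-update" ;;
        *)     echo "manual-upgrade-needed" ;;
    esac
}

# Run against the live server only when the version file is present.
if [ -r "$VERSION_FILE" ]; then
    v=$(head -n 1 "$VERSION_FILE")
    echo "cPanel $v: $(tsr_status "$v" "$UPDATE_CONF")"
fi
```

A result of `manual-upgrade-needed` means the WHM "Click to Upgrade" steps above should be carried out by hand.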