Cpanel Service Emails

From CyberWurx Customer Wiki

(Difference between revisions)
Jump to: navigation, search
Revision as of 18:56, 25 October 2007 (edit)
Cwadmin (Talk | contribs)

← Previous diff
Current revision (12:37, 13 October 2010) (edit) (undo)
Cwadmin (Talk | contribs)

 
(18 intermediate revisions not shown.)
Line 1: Line 1:
-==Sept 4, 2007==+== September 20, 2010 ==
<pre> <pre>
-From billing@cpanel.net+NOC:
-Subject cPanel Advisory: IO::Compress and DNS Zones missing+
-Body NOC:+
You are receiving this communication because you are listed as the You are receiving this communication because you are listed as the
-tech contact for Cyber Wurx, LLC.+Technical Contact contact for Cyber Wurx, LLC.
-Dear cPanel Partner,+Greetings,
-The CPAN module IO::Compress::Zlib version 2.006 has caused several issues for+Please pass this very important announcement to Operations or your Technical Support team.
-some. The problems arise due to a dependency upon IO::Compress::Base not+ 
-being correctly installed. This is due to some mirrors not being updated with+A Linux Kernel Exploit has been released that directly impacts all 64-bit kernels. It is
-the proper dependency information. Since the dependencies are incorrect, the+highly recommended you review the links below to gather more information on this exploit.
-module no longer functions properly. The most noticeable problem from this is+ 
-the complete breakage of DNSAdmin, however other issues are caused. To+http://forums.cpanel.net/f185/x86_64-kernel-exploit-165758.html#post692222
-alleviate the problems, cPanel is providing a hotfix which can be applied in+https://www.ksplice.com/uptrack/cve-2010-3081.ssi.xhtml
-the following manner:+http://linux.slashdot.org/article.pl?sid=10/09/20/0217204
 + 
 +cPanel is providing this as information only. The scope of support that is provided with
 +cPanel/WHM does not include security related operating system support. Please seek the
 +advice of an expert if you are unsure or have further questions about the workaround or exploit.
 + 
 + 
 + 
 + 
 + 
 +---------------------
 +</pre>
 +== January 13, 2010 ==
 +<pre>
 +NOC:
 + 
 +You are receiving this communication because you are listed as the
 +Technical Contact contact for Cyber Wurx, LLC.
 + 
 +Problem:
 +The release of 11.25.0-RELEASE_42399 and 11.25.0-CURRENT_42399 introduced a configuration issue that may cause
 +Apache configuration syntax errors on servers with no accounts when the mod_userdir tweak is enabled. The
 +condition will present itself upon addition of the first account to the server. This issue is quickly addressed
 +by rebuilding the Apache configuration file.
 + 
 +Symptoms:
 +The following error can be seen in the cpanel error_log and when attempting to restart Apache:
 + 
 +UserDir "enable" keyword requires a list of usernames
 + 
 +Newly created websites would be sent to defaultwebpage.cgi instead of the appropriate document root.
 + 
 +Resolutions:
 +1) New builds, 11.25.0-CURRENT_42400 and 11.25.0-RELEASE_42400, have been published to address the issue. This
 +issue will not be present on subsequent new installations. Upgrading a currently affected system will resolve
 +this issue.
 + 
 +2) Rebuilding the Apache configuration after the addition of the first account will permanently resolve this
 +issue.
From the command line: From the command line:
 +/scripts/rebuildhttpdconf
 +/scripts/restartsrv_httpd
-1. SSH into your server as root.+or
-2. At the command line, execute the following:+
-/scripts/autorepair io_compress_gzip+
-Or from WHM:+/scripts/autorepair userdir_enable_fix
 +/scripts/restartsrv_httpd
-1. Log into WHM as root 
-2. Enter the following URL into your browser's address bar: 
-https://__YOURSERVERHERE__:2087/autofixer 
-(example: https://www.example.com:2087/autofixer) 
-3. When prompted, enter: io_compress_gzip 
-The autofixer will report it is applying "IO::Compress::Zlib autorepair+From the WHM:
-verison 1.1" This process replaces the IO::Compress::Zlib with+Service Configuration -> Apache Configuration -> Global Configuration ->
-version 2.005. Also a hold back has been enabled to prevent the perl installer+Save -> Rebuild Configuration and Restart Apache
-process from installing IO::Compress::Zlib version 2.006 until a new+
-version is available that fixes this problem.+
-For non-cPanel servers that experience this issue, it is also possible to+Note:
-resolve this manually by performing the following steps:+The Apache configuration may be rebuilt as a result of other changes made in the WHM. Your new installation may
 +not experience this issue as a result the the Apache configuration being rebuilt automatically.
-1. SSH into your server as root. 
-2. Execute the following commands: 
-wget 
-http://search.cpan.org/CPAN/authors/id/P/PM/PMQS/IO-Compress-Base-2.006.tar.gz 
-tar xfzv IO-Compress-Base-2.006.tar.gz 
-cd IO-Compress-Base-2.006 
-perl Makefile.PL 
-make 
-make install 
-The manual fix will also work for a cPanel server. 
-In order to expedite the process, we have also updated all published builds to include the fix.+---------------------
 +</pre>
 +==January 5, 2010==
 +<pre>
 +NOC:
-If you incur any difficulties during the update process or have any questions+You are receiving this communication because you are listed as the
-or concerns you wish us to address, please contact our support team by+Technical Contact contact for Cyber Wurx, LLC.
-opening a support ticket though the manage interface.+
 +Greetings:
---+The Quality Assurance team discovered a bug within the SpamAssassin ruleset that will mark messages sent in the
-Matthew Carey+year 2010 (that's today) and beyond with a higher spam score than expected. This bug can result in legitimate mail
-Technical Support Manager+being flagged as spam.
-techmgr@cpanel.net+ 
-+17135290800 x 4041+The cPanel Development team has issued a hot fix that will address this issue and will automatically update the
 +SpamAssassin ruleset to resolve this issue. If you have automatic cPanel updates enabled, no further action is required.
 + 
 +If you do not have automatic cPanel updates enabled, you can manually update the SpamAssassin ruleset by executing
 +the following commands in a root shell:
 + 
 +/scripts/autorepair spamd_y2010_fix
 + 
 +For a more detailed explanation and information on resolving this problem on a non-cPanel environment,
 +please review:
 + 
 +https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6269
 + 
 +As always, the entire cPanel team has pulled together to provide a rapid response to this issue as we realize
 +proper email delivery is mission critical.
 + 
 +If you need any assistance, our 24x7 Technical Analyst team is standing by to provide you with further instructions,
 +answers, and solutions to this bug. To reach them please submit a ticket via:
 + 
 +https://tickets.cpanel.net/submit/index.cgi?step=2&reqtype=tickets&product=cpanel
 + 
 +You can also join the discussion on the SpamAssassin bug at
 +http://forums.cpanel.net/f43/spamassassin-fh_date_past_20xx-0-0-rule-bug-142725.html
 + 
 +Happy New Year,
 +The cPanel Team
 + 
 + 
 + 
 + 
 +---------------------
 +</pre>
 + 
 +==October 24, 2009==
 +<pre>
 +NOC:
 + 
 +You are receiving this communication because you are listed as the
 +Technical Contact contact for Cyber Wurx, LLC.
 + 
 +Recent versions of Bind distributed by RedHat and CentOS enable strict zone checking at startup time. This setting
 +can potentially cause problems for Bind users with a large number of zone files or syntax errors in individual zone
 +files. In these circumstances, users may experience an inability to restart Bind after a shutdown.
 + 
 +cPanel has produced and distributed an autofixer for this condition. This repair will run automatically on all
 +systems with updates enabled. However, cPanel checks only occur at specific times and depending upon update
 +schedules, users experiencing issues restarting Bind may benefit from manually executing the code to disable strict
 +zone checking. You may safely execute the autofixer at your discretion by running the following command:
 + 
 +/scripts/autorepair bind_disable_checkzone
 + 
 +If you have any questions, please feel free to open a ticket at https://tickets.cpanel.net/submit/
 + 
 +Thank You
 +-cPanel Staff
 + 
 + 
 + 
 +---------------------
 +</pre>
 + 
 +==July 26, 2009==
 +<pre>
 + NOC:
 + 
 +You are receiving this communication because you are listed as the
 +tech contact for Cyber Wurx, LLC.
 + 
 +cPanel released new builds for 11.24.5 (Build ID 37629) into the
 +CURRENT and RELEASE branches. These builds are intended to address
 +issues arising during new installations. Recent changes to the CPAN
 +(Comprehensive Perl Archive Network) mirror list resulted in a failure
 +of cPanel software to automatically configure the mirrors used to
 +retrieve CPAN modules. This failure could possibly result in new
 +installations hanging, requiring manual intervention.
 + 
 +This release should address the know circumstances of the issue.
 +Additional changes will be made to meet any requirements not
 +anticipated by cPanel software in relation to automatic configuration
 +of CPAN. cPanel would like to thank you for your patience while
 +addressing these issues.
 + 
 +If you have any questions please contact us though manage2, or https://tickets.cpanel.net/submit/!
 + 
 +Thank You
 + 
 +Eric Gregory
 +cPanel, Inc.
 +</pre>
 + 
 +==May 28, 2008==
 +<pre>
 +cPanel 11.23 RELEASE Announcement
 + 
 +NOC:
 + 
 +You are receiving this communication because you are listed as the
 +tech contact for Cyber Wurx, LLC.
 + 
 +cPanel 11.23 introduces a number of exciting changes to our industry leading control panel product.
 +While there are many changes on the backend to cPanel and WHM with the 11.23 release,
 +we'll focus on four main areas: Memory Usage Reduction, Mail Flexibility and Efficiency,
 +Backups and Transfers, and User Specific Changes.
 + 
 +Memory Usage
 +----------------------
 + 
 +We aimed at reducing the memory footprint of cPanel with the 11.23 release.
 +Two major changes in this area are VPS Optimized and Tailwatch.
 +These changes were discussed earlier on the cPanel blog (http://blog.cpanel.net/?p=37).
 +Both of these changes are part of an overall focus in reducing memory overhead of the cPanel product,
 +a focus that extends beyond just our customers using VPS setups.
 +The end result is a more responsive product that also uses less memory (up to 60% less standing memory usage on a VPS).
 + 
 + 
 +Mail Flexibility and Efficiency
 +---------------------------------------
 + 
 +Several important changes pertaining to mail handling and usage are available in 11.23. cPanel 11.23
 +introduces full support for the Roundcube (http://roundcube.net) webmail interface.
 +This provides a nice modern alternative for webmail users. Also, it is now possible to have Exim
 +send mail using the IP address dedicated to an account. This not only brings in a much requested
 +feature, but also resolves issues with using SPF records on accounts with dedicated IP addresses.
 +We have also introduced a SPF preference in the Exim Configuration editor to enable SPF checking
 +at SMTP time. Running SPF checks at SMTP time, rather than during SpamAssassin greatly speeds up
 +the mail delivery process on your server.
 + 
 + 
 +Backups and Transfers
 +--------------------------------
 + 
 +cPanel account backup and transfer utilities have been greatly improved in cPanel 11.23.
 +In 11.23 when transferring accounts, the utilities use WHM instead of rsync in order to
 +improve speed and deal better with large file sizes. Also, more information about the accounts
 +being transferred is available, such as disk space those accounts are currently using.
 +Also the option to express transfer accounts from other cPanel servers has been added in
 +order to speed up transfers.
 + 
 + 
 + 
 +User Specific Changes
 +--------------------------------
 + 
 +In order to meet the needs of users on corporate proxies who cannot access cPanel, Webmail
 +and WHM on the regular ports, a proxy system has been introduced to cPanel 11.23 which allows
 +access to each service through a subdomain. For example, a user can now access cPanel at
 +http://cpanel.example.com instead of https://example.com:2083/.
 + 
 +Additionally, a mechanism has been built into cPanel to notify users of SSL certificates which
 +will expire soon. As it is highly important to ensure your SSL certificates are functioning properly,
 +users will be alerted 30 days before their certificate is due to expire so they have ample time to
 +renew their certificate.
 + 
 +Along with these changes, many products such as PHPMyAdmin which are shipped with cPanel have been
 +upgraded to newer and far more responsive versions in order to improve the domain owner experience.
 + 
 + 
 +While the above features provide a great benefit to server administrators and end users, they are only
 +a few of the changes that are brought about by cPanel 11.23. Other changes such as DNS record type
 +support have been documented in the cPanel change log at http://changelog.cpanel.net
 + 
 +If you wish to stay on cPanel 11.18, you should change your update preferences to use STABLE builds only.
 + 
 + 
 + 
 + 
 + 
 +---------------------
 +</pre>
 + 
 +==May 2, 2008==
 +<pre>
 +NOC:
 + 
 +You are receiving this communication because you are listed as the
 +tech contact for Cyber Wurx, LLC.
 + 
 +Several potential security issues have been identified with cPanel software and Horde, a 3rd party bundled application.
 +cPanel releases prior to 11.18.4 and 11.22.2 are susceptible to security issues, which range in severity from trivial
 +to medium-critical. Along with the discovery of these potential issues, cPanel has released a new security tool to
 +provide users with protection from XSRF attacks.
 + 
 + 
 + 
 +Update Advisory
 +==============================
 +All STABLE and RELEASE users are strongly urged to update to their respective 11.18.5 release. CURRENT and EDGE users
 +should update to the latest 11.22.3 release. No releases are deemed susceptible to severe, critical or root access
 +vulnerabilities.
 + 
 + 
 +XSRF Protection
 +==============================
 +cPanel has also introduced a tool designed to protect against a category of attacks known as cross-site request
 +forgery (XSRF). This tool will validate the browser referrer information against an approved list of domains.
 + 
 +The list of approved domains is automatically determined according to the system's configuration. Any blocked requests
 +are presented to the end user for approval. This additional step will minimize disruption of workflow while protecting
 +the user from an outside XSRF attack. This check will not prevent bookmarked links in modern browsers from working normally.
 + 
 +XSRF protection is not enabled by default. It is controlled via WHM's Tweak Settings under the Security heading. The
 +protection may also be enabled manually by adding the following line to the end of /var/cpanel/cpanel.config:
 + 
 +referrersafety=1
 + 
 +and restarting cpsrvd by executing /usr/local/cpanel/startup.
 + 
 + 
 +Credits
 +================================
 +cPanel Security Auditing
 +Jeff Petersen ( Myriad Network )
 +Cassidy B. Larson ( InfoWest, Inc. )
 +Bugtraq ( http://www.securityfocus.com/archive/1/491230 )
 +Matteo Carli
 +Linux_Drox
 + 
 + 
 + 
 + 
 + 
 +---------------------
 +</pre>
 + 
 +==March 10, 2008==
 +<pre>
 +NOC:
 + 
 +You are receiving this communication because you are listed as the
 +tech contact for Cyber Wurx, LLC.
 + 
 +Summary:
 +The Horde webmail application framework has been updated to 3.1.7. Upgrades have
 +been made in cPanel's PHP application security model.
 + 
 +Description:
 +The Horde webmail application framework has been updated to 3.1.7 for the official
 +fix to the previously announced arbitrary file inclusion vulnerability. cPanel has
 +also made upgrades in cPanel's PHP application security model for Horde,
 +PHPMyAdmin, and PHPPGAdmin. These upgrades have been made to minimize or mitigate
 +undiscovered vulnerabilities in these third-party applications while running within
 +a cPanel installation.
 + 
 +Fix Details:
 +It is recommended that all cPanel servers running Horde be updated to either
 +cPanel 11.18.3 or cPanel 11.19.3. If you do not wish to update cPanel, it is
 +strongly recommended that you keep horde disabled until these updates have been
 +applied. You can disable horde on your cPanel system by unchecking WHM ->
 +Server Configuration -> Tweak Settings -> Mail -> Horde Webmail, and saving with
 +the new settings.
 + 
 +You can check your current version of cPanel by executing:
 +/usr/local/cpanel/cpanel -V
 + 
 +Updates can be run via the following command executed from a root shell:
 +/scripts/upcp
 + 
 +Updates can be run through WHM as well. Login to WHM, then select cPanel -> Upgrade
 +to Latest Version -> Click to Upgrade.
 + 
 +References:
 +http://lists.horde.org/archives/announce/2008/000382.html
 + 
 +Credits:
 +cPanel would also like to thank Jeff Petersen and Rob Brown for the additional
 +security information provided with regards to this update.
 + 
 +---------------------
 +</pre>
 + 
 +==Jan 15, 2008==
 +<pre>
 +NOC:
 + 
 +You are receiving this communication because you are listed as the
 +tech contact for Cyber Wurx, LLC.
 + 
 +A recent update of the Perl module PathTools which provides Cwd and the File::Spec module namespace introduces usage of Perl 5.10 functions.
 +This change will result in an undefined symbol error similar to:
 + 
 +symbol lookup error: /usr/lib/perl5/5.8.8/i686-linux/auto/Cwd/Cwd.so: undefined symbol: strlcpy
 + 
 +More Information about this problem is available in CPAN's bug tracking system: http://rt.cpan.org/Public/Bug/Display.html?id=32296
 + 
 +On cPanel systems this issue will be immediately evident in the cPanel user interface for MySQL, resulting in a failure to display any end
 +user databases as well as preventing any modifications to MySQL configurations.
 + 
 +This issue has been addressed in the cPanel code base and systems running cPanel 11 will be automatically repaired. This issue can be manually
 +repaired on cPanel 10 systems by running the following commands:
 + 
 +rm -f /home/.cpcpan/modules.versions
 +/scripts/perlinstaller --force Cwd
 + 
 +cPanel recommends updating any systems running versions of cPanel less than 11 to the latest available version.
 + 
 +PathTools 3.2501 is latest working version of the module. This version can be found on CPAN at the following URL:
 + 
 +http://search.cpan.org/~kwilliams/PathTools-3.2501/
 + 
 +The direct download URL for PathTools 3.2501 provided by cPanel is:
 + 
 +http://httpupdate.cpanel.net/CPAN/authors/id/K/KW/KWILLIAMS/PathTools-3.2501.tar.gz
 + 
 + 
 + 
 +---------------------
 +</pre>
 + 
 +== Oct 25, 2007 ==
 +<pre>
 +From billing@cpanel.net
 +Subject [cPanel] Updating to builds later then 16800 recommend.
 +Body NOC:
 + 
 +You are receiving this communication because you are listed as the
 +tech contact for Cyber Wurx, LLC.
 + 
 +We are currently tracking a potential denial of service issue with builds older then 16800 (early September).
 +At this time, we recommend customers that are still running these older builds update to any of the currently
 +released versions.
 + 
 +The latest builds are:
 + 
 +11.11.0-STABLE_16999
 +11.15.0-RELEASE_17665
 +11.15.0-CURRENT_17700
 +11.15.0-EDGE_17700
 + 
 +More information will be provided if and when it becomes available. Please note that this may be an unrelated
 +issue, and that this notice only serves as an early warning.
 + 
 +-cPanel Support Team
 + 
 + 
 + 
 + 
 + 
 +---------------------
</pre> </pre>
Line 232: Line 594:
cPanel cPanel
mattc@cpanel.net mattc@cpanel.net
-</pre> 
- 
-== Oct 25, 2007 == 
-<pre> 
-From billing@cpanel.net 
-Subject [cPanel] Updating to builds later then 16800 recommend. 
-Body NOC: 
- 
-You are receiving this communication because you are listed as the 
-tech contact for Cyber Wurx, LLC. 
- 
-We are currently tracking a potential denial of service issue with builds older then 16800 (early September). At this time, we recommend customers that are still running these older builds update to any of the currently released versions. 
- 
-The latest builds are: 
- 
-11.11.0-STABLE_16999 
-11.15.0-RELEASE_17665 
-11.15.0-CURRENT_17700 
-11.15.0-EDGE_17700 
- 
-More information will be provided if and when it becomes available. Please note that this may be an unrelated issue, and that this notice only serves as an early warning. 
- 
--cPanel Support Team 
- 
- 
- 
- 
- 
---------------------- 
</pre> </pre>

Current revision

Contents

September 20, 2010

NOC:

You are receiving this communication because you are listed as the
Technical Contact contact for Cyber Wurx, LLC.

Greetings,

Please pass this very important announcement to Operations or your Technical Support team.

A Linux Kernel Exploit has been released that directly impacts all 64-bit kernels. It is 
highly recommended you review the links below to gather more information on this exploit.

http://forums.cpanel.net/f185/x86_64-kernel-exploit-165758.html#post692222
https://www.ksplice.com/uptrack/cve-2010-3081.ssi.xhtml
http://linux.slashdot.org/article.pl?sid=10/09/20/0217204

cPanel is providing this as information only. The scope of support that is provided with 
cPanel/WHM does not include security related operating system support. Please seek the 
advice of an expert if you are unsure or have further questions about the workaround or exploit.





---------------------

January 13, 2010

NOC:

You are receiving this communication because you are listed as the
Technical Contact contact for Cyber Wurx, LLC.

Problem:
The release of 11.25.0-RELEASE_42399 and 11.25.0-CURRENT_42399 introduced a configuration issue that may cause 
Apache configuration syntax errors on servers with no accounts when the mod_userdir tweak is enabled. The 
condition will present itself upon addition of the first account to the server. This issue is quickly addressed 
by rebuilding the Apache configuration file.

Symptoms:
The following error can be seen in the cpanel error_log and when attempting to restart Apache:

UserDir "enable" keyword requires a list of usernames

Newly created websites would be sent to defaultwebpage.cgi instead of the appropriate document root.

Resolutions:
1) New builds, 11.25.0-CURRENT_42400 and 11.25.0-RELEASE_42400, have been published to address the issue. This
issue will not be present on subsequent new installations. Upgrading a currently affected system will resolve 
this issue.

2) Rebuilding the Apache configuration after the addition of the first account will permanently resolve this 
issue.

From the command line:
/scripts/rebuildhttpdconf
/scripts/restartsrv_httpd

or

/scripts/autorepair userdir_enable_fix
/scripts/restartsrv_httpd


From the WHM:
Service Configuration -> Apache Configuration -> Global Configuration ->
Save -> Rebuild Configuration and Restart Apache

Note:
The Apache configuration may be rebuilt as a result of other changes made in the WHM. Your new installation may
not experience this issue as a result the the Apache configuration being rebuilt automatically.



---------------------

January 5, 2010

NOC:

You are receiving this communication because you are listed as the
Technical Contact contact for Cyber Wurx, LLC.

Greetings:

The Quality Assurance team discovered a bug within the SpamAssassin ruleset that will mark messages sent in the 
year 2010 (that's today) and beyond with a higher spam score than expected. This bug can result in legitimate mail
being flagged as spam.

The cPanel Development team has issued a hot fix that will address this issue and will automatically update the 
SpamAssassin ruleset to resolve this issue. If you have automatic cPanel updates enabled, no further action is required.

If you do not have automatic cPanel updates enabled, you can manually update the SpamAssassin ruleset by executing
the following commands in a root shell:

/scripts/autorepair spamd_y2010_fix

For a more detailed explanation and information on resolving this problem on a non-cPanel environment,
please review:

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6269

As always, the entire cPanel team has pulled together to provide a rapid response to this issue as we realize
proper email delivery is mission critical.

If you need any assistance, our 24x7 Technical Analyst team is standing by to provide you with further instructions,
answers, and solutions to this bug. To reach them please submit a ticket via:

https://tickets.cpanel.net/submit/index.cgi?step=2&reqtype=tickets&product=cpanel

You can also join the discussion on the SpamAssassin bug at 
http://forums.cpanel.net/f43/spamassassin-fh_date_past_20xx-0-0-rule-bug-142725.html

Happy New Year,
The cPanel Team




---------------------

October 24, 2009

NOC:

You are receiving this communication because you are listed as the
Technical Contact contact for Cyber Wurx, LLC.

Recent versions of Bind distributed by RedHat and CentOS enable strict zone checking at startup time. This setting 
can potentially cause problems for Bind users with a large number of zone files or syntax errors in individual zone 
files. In these circumstances, users may experience an inability to restart Bind after a shutdown.

cPanel has produced and distributed an autofixer for this condition. This repair will run automatically on all
systems with updates enabled. However, cPanel checks only occur at specific times and depending upon update 
schedules, users experiencing issues restarting Bind may benefit from manually executing the code to disable strict 
zone checking. You may safely execute the autofixer at your discretion by running the following command:

/scripts/autorepair bind_disable_checkzone

If you have any questions, please feel free to open a ticket at https://tickets.cpanel.net/submit/

Thank You
-cPanel Staff



---------------------

July 26, 2009

  	 NOC:

You are receiving this communication because you are listed as the
tech contact for Cyber Wurx, LLC.

cPanel released new builds for 11.24.5 (Build ID 37629) into the
CURRENT and RELEASE branches. These builds are intended to address
issues arising during new installations. Recent changes to the CPAN
(Comprehensive Perl Archive Network) mirror list resulted in a failure
of cPanel software to automatically configure the mirrors used to
retrieve CPAN modules. This failure could possibly result in new
installations hanging, requiring manual intervention.

This release should address the know circumstances of the issue.
Additional changes will be made to meet any requirements not
anticipated by cPanel software in relation to automatic configuration
of CPAN. cPanel would like to thank you for your patience while
addressing these issues.

If you have any questions please contact us though manage2, or https://tickets.cpanel.net/submit/!

Thank You

Eric Gregory
cPanel, Inc.

May 28, 2008

cPanel 11.23 RELEASE Announcement

NOC:

You are receiving this communication because you are listed as the
tech contact for Cyber Wurx, LLC.

cPanel 11.23 introduces a number of exciting changes to our industry leading control panel product.
While there are many changes on the backend to cPanel and WHM with the 11.23 release, 
we'll focus on four main areas: Memory Usage Reduction, Mail Flexibility and Efficiency, 
Backups and Transfers, and User Specific Changes.

Memory Usage
----------------------

We aimed at reducing the memory footprint of cPanel with the 11.23 release.
Two major changes in this area are VPS Optimized and Tailwatch.
These changes were discussed earlier on the cPanel blog (http://blog.cpanel.net/?p=37).
Both of these changes are part of an overall focus in reducing memory overhead of the cPanel product,
a focus that extends beyond just our customers using VPS setups.
The end result is a more responsive product that also uses less memory (up to 60% less standing memory usage on a VPS).


Mail Flexibility and Efficiency
---------------------------------------

Several important changes pertaining to mail handling and usage are available in 11.23. cPanel 11.23
introduces full support for the Roundcube (http://roundcube.net) webmail interface.
This provides a nice modern alternative for webmail users. Also, it is now possible to have Exim
send mail using the IP address dedicated to an account. This not only brings in a much requested
feature, but also resolves issues with using SPF records on accounts with dedicated IP addresses.
We have also introduced a SPF preference in the Exim Configuration editor to enable SPF checking
at SMTP time. Running SPF checks at SMTP time, rather than during SpamAssassin greatly speeds up 
the mail delivery process on your server.


Backups and Transfers
--------------------------------

cPanel account backup and transfer utilities have been greatly improved in cPanel 11.23.
In 11.23 when transferring accounts, the utilities use WHM instead of rsync in order to
improve speed and deal better with large file sizes. Also, more information about the accounts
being transferred is available, such as disk space those accounts are currently using.
Also the option to express transfer accounts from other cPanel servers has been added in
order to speed up transfers.



User Specific Changes
--------------------------------

In order to meet the needs of users on corporate proxies who cannot access cPanel, Webmail
and WHM on the regular ports, a proxy system has been introduced to cPanel 11.23 which allows
access to each service through a subdomain. For example, a user can now access cPanel at
http://cpanel.example.com instead of https://example.com:2083/.

Additionally, a mechanism has been built into cPanel to notify users of SSL certificates which
will expire soon. As it is highly important to ensure your SSL certificates are functioning properly,
users will be alerted 30 days before their certificate is due to expire so they have ample time to
renew their certificate.

Along with these changes, many products such as PHPMyAdmin which are shipped with cPanel have been
upgraded to newer and far more responsive versions in order to improve the domain owner experience.


While the above features provide a great benefit to server administrators and end users, they are only
a few of the changes that are brought about by cPanel 11.23. Other changes such as DNS record type
support have been documented in the cPanel change log at http://changelog.cpanel.net

If you wish to stay on cPanel 11.18, you should change your update preferences to use STABLE builds only.





---------------------

May 2, 2008

NOC:

You are receiving this communication because you are listed as the
tech contact for Cyber Wurx, LLC.

Several potential security issues have been identified with cPanel software and Horde, a 3rd party bundled application.
cPanel releases prior to 11.18.4 and 11.22.2 are susceptible to security issues, which range in severity from trivial 
to medium-critical. Along with the discovery of these potential issues, cPanel has released a new security tool to 
provide users with protection from XSRF attacks.



Update Advisory
==============================
All STABLE and RELEASE users are strongly urged to update to their respective 11.18.5 release. CURRENT and EDGE users
should update to the latest 11.22.3 release. No releases are deemed susceptible to severe, critical or root access 
vulnerabilities.


XSRF Protection
==============================
cPanel has also introduced a tool designed to protect against a category of attacks known as cross-site request 
forgery (XSRF). This tool will validate the browser referrer information against an approved list of domains.

The list of approved domains is automatically determined according to the system's configuration. Any blocked requests
are presented to the end user for approval. This additional step will minimize disruption of workflow while protecting
the user from an outside XSRF attack. This check will not prevent bookmarked links in modern browsers from working normally.

XSRF protection is not enabled by default. It is controlled via WHM's Tweak Settings under the Security heading. The
protection may also be enabled manually by adding the following line to the end of /var/cpanel/cpanel.config:

referrersafety=1

and restarting cpsrvd by executing /usr/local/cpanel/startup.


Credits
================================
cPanel Security Auditing
Jeff Petersen ( Myriad Network )
Cassidy B. Larson ( InfoWest, Inc. )
Bugtraq ( http://www.securityfocus.com/archive/1/491230 )
Matteo Carli
Linux_Drox





---------------------

March 10, 2008

NOC:

You are receiving this communication because you are listed as the
tech contact for Cyber Wurx, LLC.

Summary:
The Horde webmail application framework has been updated to 3.1.7. Upgrades have
been made in cPanel's PHP application security model.

Description:
The Horde webmail application framework has been updated to 3.1.7 for the official
fix to the previously announced arbitrary file inclusion vulnerability. cPanel has
also made upgrades in cPanel's PHP application security model for Horde,
PHPMyAdmin, and PHPPGAdmin. These upgrades have been made to minimize or mitigate
undiscovered vulnerabilities in these third-party applications while running within
a cPanel installation.

Fix Details:
It is recommended that all cPanel servers running Horde be updated to either
cPanel 11.18.3 or cPanel 11.19.3. If you do not wish to update cPanel, it is
strongly recommended that you keep horde disabled until these updates have been
applied. You can disable horde on your cPanel system by unchecking WHM ->
Server Configuration -> Tweak Settings -> Mail -> Horde Webmail, and saving with
the new settings.

You can check your current version of cPanel by executing:
/usr/local/cpanel/cpanel -V

Updates can be run via the following command executed from a root shell:
/scripts/upcp

Updates can be run through WHM as well. Login to WHM, then select cPanel -> Upgrade
to Latest Version -> Click to Upgrade.

References:
http://lists.horde.org/archives/announce/2008/000382.html

Credits:
cPanel would also like to thank Jeff Petersen and Rob Brown for the additional
security information provided with regards to this update.

---------------------

Jan 15, 2008

NOC:

You are receiving this communication because you are listed as the
tech contact for Cyber Wurx, LLC.

A recent update of the Perl module PathTools which provides Cwd and the File::Spec module namespace introduces usage of Perl 5.10 functions.
This change will result in an undefined symbol error similar to:

symbol lookup error: /usr/lib/perl5/5.8.8/i686-linux/auto/Cwd/Cwd.so: undefined symbol: strlcpy

More Information about this problem is available in CPAN's bug tracking system: http://rt.cpan.org/Public/Bug/Display.html?id=32296

On cPanel systems this issue will be immediately evident in the cPanel user interface for MySQL, resulting in a failure to display any end
user databases as well as preventing any modifications to MySQL configurations.

This issue has been addressed in the cPanel code base and systems running cPanel 11 will be automatically repaired. This issue can be manually
repaired on cPanel 10 systems by running the following commands:

rm -f /home/.cpcpan/modules.versions
/scripts/perlinstaller --force Cwd

cPanel recommends updating any systems running versions of cPanel less than 11 to the latest available version.

PathTools 3.2501 is latest working version of the module. This version can be found on CPAN at the following URL:

http://search.cpan.org/~kwilliams/PathTools-3.2501/

The direct download URL for PathTools 3.2501 provided by cPanel is:

http://httpupdate.cpanel.net/CPAN/authors/id/K/KW/KWILLIAMS/PathTools-3.2501.tar.gz



---------------------

Oct 25, 2007

From   	 billing@cpanel.net
Subject 	[cPanel] Updating to builds later then 16800 recommend.
Body 	NOC:

You are receiving this communication because you are listed as the
tech contact for Cyber Wurx, LLC.

We are currently tracking a potential denial of service issue with builds older then 16800 (early September).
At this time, we recommend customers that are still running these older builds update to any of the currently
released versions.

The latest builds are:

11.11.0-STABLE_16999
11.15.0-RELEASE_17665
11.15.0-CURRENT_17700
11.15.0-EDGE_17700

More information will be provided if and when it becomes available. Please note that this may be an unrelated 
issue, and that this notice only serves as an early warning.

-cPanel Support Team





---------------------

Aug 24, 2007

From   	 billing@cpanel.net
Subject 	cPanel Advisory: Spamassassin 100% cpu usage.
Body 	NOC:

You are receiving this communication because you are listed as the
tech contact for Cyber Wurx, LLC.

Dear cPanel Partner,

There have been numerous reports recently regarding excessive CPU
utilization by spamd. This is occurring as a result of a bug in the
berkelydb implementation used by SpamAssassin, which causes spamd children
to enter an infinite loop when attempting to open a temporary file in the
user's ~./.spamassassin directory.

You can determine whether or not this is the case by executing a trace
against the spamd process in question, and monitoring the trace for
repeated calls to open() a file in ~/.spamassassin/__db.[DB_NAME].

For example, you can launch a trace on the affected process with the
following command:

strace -vvFf -s 4096 -e trace=file -p [PID]

A trace on an affected server would repeated output something similar to
the following:

open("/home/user/.spamassassin/__db.bayes_toks.new",
O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = -1 EEXIST (File exists)
open("/home/user/.spamassassin/__db.bayes_toks.new",
O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = -1 EEXIST (File exists)
open("/home/user/.spamassassin/__db.bayes_toks.new",
O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = -1 EEXIST (File exists)
open("/home/user/.spamassassin/__db.bayes_toks.new",
O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = -1 EEXIST (File exists)

We have devised a work around for SpamAssassin, which can be applied by
taking the following steps:

killall -TERM spamd # ensure all hung spamd processes are terminated
killall -9 spamd # ensure all hung spamd processes are terminated

Visit the following WHM URL:
https://__your_sever_ip_here__:2087/scripts2/autofixer
Enter spamd_dbm_fix into the input field, and click 'Submit'

Once the patch has been applied, the spamd loads should subside. If the
problem persists after applying the patch, please let our support team
know, and they will investigate any outstanding issues.

We have notified the SpamAssassin developers of this issue, and expect
that this will be resolved in versions 3.2.4 and greater.





---------------------

Aug 17, 2007

From   	 billing@cpanel.net
Subject 	Spamassassin & perl 5.8.8
Body 	NOC:

You are receiving this communication because you are listed as the
tech contact for Cyber Wurx, LLC.

Dear cPanel Partner,


There have been reported issues recently with SpamAssassin in regards to:


1. Load Issues
2. Spamd locking
3. Not catching all spam e-mail


To resolve these issues, please upgrade Perl to version 5.8.8 which is
recommended for using cPanel 11.


You can ensure that each installed module gets carried over to
the updated Perl build with the use of the “autobundle” CPAN feature.


You can create a bundle of the currently installed modules
by executing the following while logged in via SSH as root:


perl -MCPAN -e 'autobundle'


Once completed, you should see the following output before getting
returned to the shell:


'Wrote bundle file /home/.cpan/Bundle/Snapshot_2007_08_16_00.pm'


Once you've made note of this file name, you can proceed with the update.


On linux based systems, you should be able to update Perl using
the installer provided at layer1.cpanel.net:


cd /root
wget http://layer1.cpanel.net/perl588installer.tar.gz
tar -zxf perl588installer.tar.gz
cd perl588installer
./install


On FreeBSD based systems, you will need to install Perl from ports.


This will take a few minutes, so take a coffee break and check
the status when you return. Once the update has completed, you
can install all previously installed modules from the CPAN bundle
by executing the following (with the bundle name adjusted to the
name of the bundle generated earlier):


perl -MCPAN -e 'install Bundle::Snapshot_2007_08_16_00'


This should install each of the modules present in the bundle,
assuming there are no issues during the installation (dependencies,
network, etc).


Once this has completed, execute the following to ensure that all modules
required by cPanel are installed, and restart cPanel:


/usr/local/cpanel/bin/checkperlmodules
/usr/local/cpanel/startup




For more details on the cPanel 11 updates, please refer to the release
notes at the following URL:
http://www.cpanel.net/products/cPanelandWHM/linux/cpanel11/releasenotes.pdf


As always, if you incur any complications during the updates, or have
any questions/concerns you would like us to address, contact our support
team by opening a support ticket, and we will gladly assist you!






Matt Carey
Technical Support Manager
cPanel
mattc@cpanel.net
Personal tools