
cPanel Official Security Update (2021-10-12)

Source: cPanel official website. Published: 2021-10-12

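Basic Information

Release date: 2021-10-12 (vendor local time)

Update type: Security update

Updated version: 100.0.0

Detection time: 2021-11-18 10:37:58

Risk level: Unknown

Intelligence contributed by: TSRC

Update Title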

Change Log for 100.0.0

Update Details

Fixed case COBRA-13435: Make AutoSSL not apply ancestor DCV substitution for HTTP DCV.
Fixed case CPANEL-38971: Create default SSL files using the default SSL key type.
Fixed case CPANEL-39119: Fixed the use of the pkgacct command line options --skipmail and --skippublichtml when using with --incremental.
Fixed case CPANEL-39150: Reseller accounts without domains no longer fail when self-changing passwords.
Fixed case CPANEL-39172: Ensure cPanel initiated in progress backups are visible in the cPanel UI.
Fixed case CPANEL-39173: `retrieve_customizations` WHMAPI call returns valid options instead of array length.
Fixed case CPANEL-39224: Install crypt-perl earlier during install.
[security] Fixed case SEC-592: Arbitrary code execution via install_locallib_loginprofile script.
[security] Fixed case SEC-593: Cpanel::SecureDownload executes shell commands in an insecure manner.
[security] Fixed case SEC-597, SEC-598, SEC-599, SEC-608: Stored-XSS Vulnerability in ModSecurity Rules Interface.
[security] Fixed case SEC-600: Reflected-XSS Vulnerability in ModSecurity Vendors Interface.
[security] Fixed case SEC-602: Self-XSS Vulnerability in WHM Change Hostname interface.
[security] Fixed case SEC-603: Self-stored XSS Vulnerability in WHM Edit Reseller Nameservers and Privileges interface.
[security] Fixed case SEC-604: Self-XSS Vulnerability in cPanel Default Address Interface.
[security] Fixed case SEC-606: Passphrase submitted via GET request in scripts2/dogencrt.
Fixed case CPANEL-38971: Use the configured default SSL/TLS key type when resetting the certificate for a service.
Fixed case CPANEL-39014: Fix link for downloading archived raw access logs when using the cPanel service subdomain.
Fixed case CPANEL-39050: Don't filter packages with extensions unless requested in the search params for whmapi1 matchpkgs.
Fixed case CPANEL-39051: Failures to update authorized_keys via the UI will result in an appropriate error message appearing in the UI.
Fixed case CPANEL-39081: Disallow entry of orphaned colons in Tweak Setting "Allow server-info and server-status".
Fixed case CPANEL-39085: Fixes UI loading error on DynamicDNS page.
Fixed case CPANEL-39086: Update cpanel-perl-532-quota to 1.8.2-2.cp1198.
Fixed case CPANEL-39103: Update cpanel-php73 to 7.3.32-1.cp1198.
Fixed case CPANEL-39149: Ensure main dovecot templates directory is not a broken symlink.
Fixed case COBRA-13494: Replace expired hostname certificates.
Fixed case CPANEL-38691: Ensure that /var/cpanel/webtemplates retains correct permissions on revert.
Fixed case CPANEL-38704: Update cpanel-proftpd to 1.3.6c-3.cp1198.
Fixed case CPANEL-38709: When transitioning from a trial retain automatically enabled analytics for root.
Fixed case CPANEL-38710: cPanel users can add subdomains to addon domains via the Domains interface within cPanel.
Fixed case CPANEL-38785: Fix PopBeforeSMTPSenders on CentOS 8 / AlmaLinux 8.
Fixed case CPANEL-38807: Allow "Service Status" to detect Dovecot "imap" as up on Ubuntu.
Fixed case CPANEL-38836: Fix backup of Exim configuration.
Fixed case CPANEL-38892: UPCP will no longer hang if port 37 (outgoing) is blocked.
Fixed case CPANEL-38901: Fix fail-back to installing the default EA4 profile when installing a custom EA4 profile fails.
Fixed case CPANEL-38906: Fix Fileman::upload_files operapi-lint errors.
Fixed case CPANEL-38920: Trailing colons (:) in server-info and server-status no longer allowed to be persisted.
Fixed case CPANEL-38982: Fix non-printable characters in WHMAPI1 call update_sql_config.
Fixed case CPANEL-39007: Update cpanel-mailman to 2.1.33-4.cp1198.
Fixed case CPANEL-39016: Fixes a false warning message on the DNS Cluster page.
Fixed case PH-16792: Ensure style images are rendered properly in WHM customization page when cPanel is using Jupiter theme.
Fixed case CPANEL-38222: Fix sync'ing DNS Clusters with DNSSEC keys or invalid SOA records.
Fixed case CPANEL-38849: Update cpanel-trigger-os-release to 1.2-1.cp1198.
Fixed case CPANEL-38908: Have distro_changed_hook script restart cpsrvd.

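Software Description

cPanel is one of the best-known commercial software packages in the web hosting industry. It runs on Linux and BSD systems, is developed in PHP, and is closed source. It provides powerful and fairly complete hosting management features, such as webmail and multiple email protocols, web-based FTP management, SSH access, database management systems, DNS management, and other remote web-based hosting management functions.

CVE ID

TSRC Analysis

None yet

Industry News

None yet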
