Announcement - cPanel security update

                    

Dear Valued Clients,


A bug report about a heap overflow in Exim and a patch for the exploit was released by cPanel.


News:

https://documentation.cpanel.net/display/CKB/Exim+CVE-2019-16928


What is Exim?

Exim is the mail server software cPanel & WHM servers use.


How to protect yourself?

Kindly perform an upgrade to a supported version of cPanel & WHM that are immune to the bug.


How to check your current Exim version?

You can run this command on the server:

=========

rpm -q exim

=========


Expected response on version 82 and the EDGE tier:

exim-4.92-4.cp1180.x86_64


Expected response on LTS version 78:

exim-4.92-6.cp1178.x86_64


Those cPanel Dedicated/VPS clients who not display updated versions after tryout the above steps may perform cPanel update urgently or contact support team by submitting a ticket at server-support@exabytes.my


How to check cPanel version?


How to update cPanel version?

1) Log in your WHM as root.


2) Navigate to cPanel >> Upgrade to Latest Version


3) Click the Click to Upgrade button


4) At the end you will see a message Upgrade complete


How to verify the new Exim RPM was installed:


 Run the following:

rpm -q exim


The output on version 82 and the EDGE tier should resemble below:

exim-4.92-4.cp1180.x86_64


The output on LTS version 78 should resemble below:

exim-4.92-6.cp1178.x86_64


Run the following to ensure the CVE is in the changelog:

rpm -q --changelog exim | grep CVE-2019-16928


The output on LTS version 78, version 82, and the EDGE tier should resemble below:

- Fix buffer overflow in string_vformat.  CVE-2019-16928


If you need further information and clarification on this update or if you experience difficulties after the maintenance period, please contact us via helpdesk at https://support.exabytes.com.my


Best Regards,


Support Team
......................................
Technical Support Department