Event Date: April 24th, 7:30AM CDT until April 24th, 4:30PM CDT
Event Location: Elk Grove Village, DF-CH1 Facility
Impact: None Expected

Event: Please be advised that Touch Support has scheduled HEPA vacuuming and access floor cleaning for CR-3, CR-10, CR-14, and CR-28 on Thursday, April 24th, 2014. The floor cleaning will be conducted between 7:30 AM and 4:30 PM Central Time.

Our operations team is standing by to assist you at any time. Please feel free to contact the Network Operations Center at (888) 45-TOUCH should you have any questions or concerns regarding this advisory.

The following advisory is being sent to you to inform you of upcoming maintenance work that may impact your service.

Event Date: April 10th, 7:30 AM CDT until April 11th, 4:30 PM CDT
Event Location: Elk Grove Village, DF-CH1 Facility
Impact: No impact is expected

Event: DuPont Fabros Technology, L.P. has scheduled the Semi-Annual preventative maintenance on CRAH units in Computer Room 28. The maintenance will begin at approximately 07:30 AM site local time by DuPont technicians.

Our operations team is standing by to assist you at any time. Please feel free to contact the Network Operations Center at (888) 45-TOUCH should you have any questions or concerns regarding this advisory.

SUMMARY
cPanel, Inc. has released EasyApache 3.24.14 with Apache version 2.2.27. This release addresses Apache vulnerabilities CVE-2014-0098 and CVE-2013-6438, by fixing bugs in the mod_log_config and mod_dav modules. We encourage all Apache users to upgrade to Apache version 2.2.27.

AFFECTED VERSIONS
All versions of Apache version 2.2 before 2.2.27.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-0098 - MEDIUM

Apache 2.2.27
Fixed bug in the mod_log_config module related to CVE-2014-0098.

CVE-2013-6438 - MEDIUM

Apache 2.2.27
Fixed bug in the mod_dav module related to CVE-2013-6438.

SOLUTION
cPanel, Inc. has released EasyApache 3.24.14 with updated version of Apache version 2.4 to correct these issues. Unless you have disabled EasyApache updates, EasyApache will include the latest version of Apache automatically. Run EasyApache to rebuild your profile with the latest version of Apache.

REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0098
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6438
http://httpd.apache.org/docs/trunk/new_features_2_2.html

cPanel TSR-2014-0003 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having security impact levels ranging from Minor to Critical.

Information on cPanel’s security ratings is available at http://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

If you have questions about how your server is configured please don't hesitate to contact us at sysadmin@touchsupport.com.

RELEASES

The following cPanel & WHM versions address all known vulnerabilities:

* 11.42.0.23 & Greater
* 11.40.1.13 & Greater
* 11.38.2.23 & Greater

The latest public releases of cPanel & WHM for all update tiers are available at http://httpupdate.cpanel.net.

SECURITY ISSUE INFORMATION

The cPanel security team and independent security researchers identified the resolved security issues. There is no reason to believe that these vulnerabilities have been made known to the public. As such, cPanel will only release limited information about the vulnerabilities at this time.

Once sufficient time has passed, allowing cPanel & WHM systems to automatically update to the new versions, cPanel will release additional information about the nature of the security issues. This Targeted Security Release addresses 47 vulnerabilities in cPanel & WHM software versions 11.42, 11.40, and 11.38.

Additional information is scheduled for release on March 26th, 2014.

cPanel, Inc. has released EasyApache 3.24.13 with Apache version 2.4.9. This release addresses Apache vulnerabilities CVE-2014-0098 and CVE-2013-6438, by fixing bugs in the mod_log_config and mod_dav modules. We encourage all Apache users to upgrade to Apache version 2.4.9.

AFFECTED VERSIONS
All versions of Apache version 2.4 before 2.4.9.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-0098 - MEDIUM

Apache 2.4.9
Fixed bug in the mod_log_config module related to CVE-2014-0098.

CVE-2013-6438 - MEDIUM

Apache 2.4.9
Fixed bug in the mod_dav module related to CVE-2013-6438.

SOLUTION
cPanel, Inc. has released EasyApache 3.24.13 with updated version of Apache version 2.4 to correct these issues. Unless you have disabled EasyApache updates, EasyApache will include the latest version of Apache automatically. Run EasyApache to rebuild your profile with the latest version of Apache.

REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0098
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6438
http://httpd.apache.org/docs/trunk/new_features_2_4.html

The following advisory is being sent to you to inform you of upcoming maintenance work that may impact your service.

Event Date: March 18th, 2014 7:30AM CDT until March 19th, 2014 4:00PM CDT
Event Location: Elk Grove Village, DF-CH1 Facility
Impact: Facility STS/PDU supply will be single sourced for one and a half hours, however no impact to critical load is anticipated.

Event: Please be advised that our data center has scheduled maintenance inspection of the STS/PDU units within Computer Room 28 to occur on weekdays between 7:30AM CDT and 4:00PM CDT on March 18th, 2014 through March 19th,2014.

During this time, STS/PDUs will remain energized. Work is expected to take approximately 1.5 hours per unit, and STS/PDU supply will be single sourced. No more than one STS/PDU will be single sourced at any time. No impact to critical load is anticipated.

Our operations team is standing by to assist you at any time. Please feel free to contact the Network Operations Center at (888) 45-TOUCH should you have any questions or concerns regarding this advisory.