[cPanel-News] SECURITY ADVISORY: Official Horde Update to 3.1.7 and upgrades to cPanel's PHP...

Eric Gregory eric at cpanel.net
Mon Mar 10 08:01:05 CDT 2008


SECURITY ADVISORY:  Official Horde Update to 3.1.7 and upgrades to 
cPanel's PHP application security model

available in cPanel builds 11.18.3 and 11.19.3.

----------------------

Summary:
  The Horde webmail application framework has been updated to 3.1.7.
  Upgrades have been made in cPanel's PHP application security model.

Description:
  The Horde webmail application framework has been updated to 3.1.7 for the
  official fix to the previously announced arbitrary file inclusion
  vulnerability.  cPanel has also made upgrades in cPanel's PHP application
  security model for Horde, phpMyAdmin, and phpPgAdmin.  These upgrades have
  been made to minimize or mitigate undiscovered vulnerabilities in these
  third-party applications while running within a cPanel installation.

Fix Details:
  It is recommended that all cPanel servers running Horde be updated to either
  cPanel 11.18.3 or cPanel 11.19.3.  If you do not wish to update cPanel, it is
  strongly recommended that you keep Horde disabled until these updates have
  been applied.  You can disable Horde on your cPanel system by unchecking
  WHM -> Server Configuration -> Tweak Settings -> Mail -> Horde Webmail, and
  saving the new settings.

  You can check your current version of cPanel by executing:
    /usr/local/cpanel/cpanel -V

  Updates can be run via the following command executed from a root shell:
    /scripts/upcp

  Updates can be run through WHM as well.  Log in to WHM, then select
  cPanel -> Upgrade to Latest Version -> Click to Upgrade.

References:
 http://lists.horde.org/archives/announce/2008/000382.html

Credits:
  cPanel would also like to thank Jeff Petersen and Rob Brown for the
  additional security information provided with regard to this update.
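
Added example (not part of the original advisory and not cPanel's own tooling): a shell check that classifies the output of /usr/local/cpanel/cpanel -V against the fixed builds 11.18.3 and 11.19.3 named under Fix Details. The function name horde_fix_status, the assumed output format, and the treatment of branches later than 11.19 as fixed are assumptions.

```shell
#!/bin/sh
# Added example: classify a cPanel version string against the fixed builds
# named in the advisory (11.18.3 and 11.19.3).
# Assumption: `cpanel -V` output starts with a dotted version, for example
# "11.18.3-RELEASE_12345" (constructed sample, not real output).

# Prints "fixed", "update-needed" or "unknown" for the given version string.
horde_fix_status() {
    # Extract the first major.minor.patch triple from the string.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1)
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    if [ "$major" -ne 11 ]; then
        # Assumption: any later major carries the fix, any earlier one does not.
        [ "$major" -gt 11 ] && echo fixed || echo update-needed
    elif [ "$minor" -eq 18 ] || [ "$minor" -eq 19 ]; then
        # The two branches the advisory names: fixed from x.3 onward.
        [ "$patch" -ge 3 ] && echo fixed || echo update-needed
    elif [ "$minor" -gt 19 ]; then
        echo fixed            # assumption: later branches include the fix
    else
        echo update-needed    # older than any build named in the advisory
    fi
}

# On a cPanel host, report on the installed build; skipped elsewhere.
if [ -x /usr/local/cpanel/cpanel ]; then
    status=$(horde_fix_status "$(/usr/local/cpanel/cpanel -V 2>/dev/null)")
    echo "cPanel build status for the Horde 3.1.7 update: $status"
    if [ "$status" != fixed ]; then
        echo "Run /scripts/upcp, or keep Horde disabled in WHM Tweak Settings."
    fi
fi
```

An "unknown" result means the version string did not match the assumed format and should be checked by hand.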



