ntcpGo new version has been released with a bug fix

ntPHPSelector version 3.0.1 has been released with  a fix for "Missing ntPHPSelector Plugin" in cPanel. 

The new version of ntPHPselector is ready for Centos 6 servers. It is not compatible with Centos 7 servers. If you are using Centos 6, you can update the plugin to the latest version using the following commands.

cd /usr/local/src
wget -N https://nixtree.com/download/free/ntphpselector_manage_beta.sh
sh ntphpselector_manage_beta.sh update

It will install the new version ( 5.6 ) and update the other version to the latest release. So make sure to run this in screen and it take time to complete, since it reuqire to recompile/update all the php versions installed in the server.

Our developers are working with the Centos 7 servers and will release it soon.

Features

[+] Added 5.6 support
[+] Skip the version causing recompile error and install the other versions

Ref : https://nixtree.com/blog/ntphpselector-released-v3-0-0-beta/

In January 2015, Red Hat Product Security addressed the CVE-2015-0204 vulnerability in OpenSSL with this advisory: RHSA-2015-0066. The vulnerability was rated as
having a Moderate impact. This vulnerability is now being referred to as FREAK in the press.

Background Information

OpenSSL clients accepted EXPORT-grade (insecure) keys even when the client had not initially asked for them. This could be exploited using a man-in-the-middle attack,
which would intercept the client's initial request for a standard key and ask the server for an EXPORT-grade key. The client would then accept the weak key, allowing
the attacker to factor it and decrypt communication between the client and the server.

Impact

While the use of EXPORT-grade ciphers is disabled by default in OpenSSL shipped with the latest versions of Red Hat Enterprise Linux (6.6 and 7.0), it can be enabled
by applications that utilize the OpenSSL library. For this reason, the vulnerability is considered to affect all Red Hat Enterprise Linux 6 and 7 systems, including
the Server, Workstation, Desktop, and HPC Node variants, that have not installed the fixed version of OpenSSL packages.

The version of OpenSSL shipped with Red Hat Enterprise Linux 5 is also affected. As Red Hat Enterprise Linux 5 is now in the Production 3 phase of the support and
maintenance life cycle, during which only Critical security advisories are provided, this issue is currently not planned to be addressed in future updates.

Resolution

To eliminate the possibility of exploitation, install the updated OpenSSL packages that have been made available through this advisory: RHSA-2015-0066.

To install the updates, use the yum package manager as follows:

yum update

To only update the OpenSSL package and its dependencies, use:

yum update openssl

We have deployed updates to all servers which has ntServerGuard installed. Servers without ntServerGuard are being patched/updated manually.

You can check the freak vulnerability using the following link "http://www.nagios.com/freak-vulnerability-tester"

If you find your server still has this vulnerability, please feel free to contact our support ASAP.

GHOST Vulnerability ( CVE-2015-0235 )

On 27 January 2015, a vulnerability in all versions of the GNU C library (glibc) was announced by Qualys. The issue was a buffer overflow during DNS hostname resolution. Disclosure of this issue was coordinated with the various operating system vendors and patches were made available by RedHat soon after the initial announcement went out.

Impact
According to Qualys, this vulnerability allows unauthenticated remote code execution in any daemons or services that perform hostname lookups using the vulnerable functions in the GNU C library. This library is at the core of most services and software that runs on Linux systems

The updated RPMs provided by RedHat, CentOS and CloudLinux should contain a changelog entry with the CVE number. You can check for this changelog entry with the following command:

rpm -q --changelog glibc | grep CVE-2015-0235

Please read more about this at the following URLs.

https://documentation.cpanel.net/display/CKB/CVE-2015-0235+GHOST

http://www.openwall.com/lists/oss-security/2015/01/27/9
https://rhn.redhat.com/errata/RHSA-2015-0090.html
https://rhn.redhat.com/errata/RHSA-2015-0092.html
http://cloudlinux.com/blog/clnews/glibc-ghost-remote-vulnerability-cve20150235.php

We have deployed updates to all servers which has ntServerGuard installed. Servers without ntServerGaurd are being patched/updated manually.

If you find your server still has this vulnerability, please feel free to contact our support team ASAP.