cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.
Vulnerable Version: All versions prior to the fixed builds below.
Fixed Version: 126.96.36.199, 188.8.131.52, 184.108.40.206 & 220.127.116.11.
It is possible for a reseller to exploit a vulnerability in getpkginfo to open any file on the server, regardless of ownership which could ultimately lead to a root compromise. There is also a directory traversal present.