Server Software Update Notification: 09-13-2010

  • Monday, 13th September, 2010
  • 18:06pm
Important: This notice contains information for the group of server updates (or dist) occurring September 13, 2010 through September 15, 2010 in all datacenters. Until that time, all of the information included in this document is subject to change.

This document provides information about the dist for all VPS and MPS products, including the following products and platforms:

  • Linux VPS and MPS (Linux VPS/MPS or Linux)
  • FreeBSD VPS and MPS version three (VPS/MPS v3 or v3)
  • FreeBSD VPS and MPS version two (VPS/MPS v2 or v2)


Most updates include the name of the software or service being updated, the new version (if applicable), the reasons for the update, and a Changelog or Readme of the changes (if available).

Action Needed


Most VPS and MPS updates do not require action by customers to receive the full benefits of the update. Some updates may require action by customers to receive all benefits of the update, but usually this action is optional, such as updating to the latest version of software. Updates for each platform in this document are grouped together according to any (optional) action needed or no action needed, with those updates possibly requiring action listed first.

Important updates in this Notification:


The following updates affect popular or important services and programs:

  • ClamAV (Linux and v3)
  • MySQL-5.1.47 (Linux and v3)
  • Dovecot with Maildir fix (Linux and v2)
  • Proftpd-1.3.3 (Linux)

 

Linux MPS/VPS


The following updates will be made to the Linux MPS/VPS platform.

Important services to be restarted:

The following services will be restarted by Verio as part of the update:

  • ClamAV
  • Xinetd

 

Possible Action Needed



The following Linux MPS/VPS updates may require additional attention or action to take advantage of the full benefits of the update. Any possible actions are listed at the end of the individual update information.

Mysql-5.1.47
The vinstall for Mysql 5 will be upgraded to version 5.1.47 to address the security vulnerability discussed here:

http://www.doecirc.energy.gov/bulletins/t-373.shtml

To upgrade existing installations of Mysql 5.1, connect to your server through SSH and execute the following from the command prompt:

# vinstall mysql5.1
Squirrelmail-1.4.19
Squirrelmail will be upgraded to version 1.4.19.

To upgrade existing installations of Squirrelmail, connect to your server through SSH and execute the following from the command prompt:

# vinstall squirrelmail

No Action Needed


The following Linux MPS/VPS updates do not require action by customers to take advantage of the full benefits of the update. Some services may be rebooted as part of the update.

ClamAV-0.96.1
ClamAV will be upgraded to version 0.96.1. In addition, the clamav db in /skel will be updated so freshclam doesn't take so long on a new install.

The clamav vuninstall will be updated so that the clamd process will be disabled from starting up on restart of the server.
Dovecot with Maildir fix
A problem was occurring with accounts using Dovecot with Maildir. When a user’s quota was reached, mail would stop delivering to the Maildir (/home/USERID/Maildir) directory and start delivering to the mbox (/var/mail/USERID) file.

Accounts that use Dovecot with Maildir and do not already have the ORGMAIL line in their global procmailrc file will have their procmail rules updated to include the ORGMAIL line, which addresses the problem, as shown here:

############DOVECOT-START############
DROPPRIVS=yes
DEFAULT=$HOME/Maildir/
MAILDIR=$HOME/Maildir/
ORGMAIL=$HOME/Maildir/
############DOVECOT-END############
Dovecot vinstall
The Dovecot vinstall has been updated to fix the version strings in the vinstall script so that they match the version that is actually being installed.
proftpd-1.3.3
ProFTPd will be upgraded to version 1.3.3.
proftpd.conf
The configuration file for ProFTPD will be updated to change the AllowForeignAddress setting to "Off". This setting should be off by default.

In addition, a problem was occurring with some FTP clients connecting with SSL. To address this problem, the TLSEngine and TLSUseSSCert directives will be moved inside an <IfModule mod_tls.c> block and a disabled TLSOptions of NoSessionReuseRequired will be added with an explanation as shown here:

<IfModule mod_tls.c>
TLSEngine              On
TLSUseSSCert           On
#  TLSLog              /var/log/proftp-tls-log
#
# mod_tls only accepts SSL/TLS data connections that reuse the SSL session
# of the control connection, as a security measure.  There are some clients
# (e.g. curl) which do not reuse SSL sessions. Uncomment the following line
# to relax the requirement.
#
#  TLSOptions          NoSessionReuseRequired
</IfModule>

autoreply
A problem was occurring with autoreply: when the FROM: line spanned multiple lines, autoreply could not parse the FROM: line and send a return message. Autoreply will be updated to address this problem.
sudo
The current list of sudo commands will be updated to include the vinstall and vuninstall commands.
expose_php
The expose_php line in the php.ini file will be set to “Off” by default. This change is for PCI.
Rails-2.3.8
The Rails vinstall will be upgraded to version 2.3.8.
vquota
vquota will be updated to address a problem where user soft quotas were allowed to exceed user hard quotas.
vrmuser
vrmuser will be updated to only check directives in the Apache configuration (httpd.conf) file where usernames are expected.
vedituser --password
vedituser will be updated so that the --password flag will properly set the user password.
traceroute
traceroute will be updated to correct a couple of bugs addressed here:

http://rhn.redhat.com/errata/RHBA-2008-0883.html



FreeBSD MPS/VPS v3


The following updates will be made to the FreeBSD VPS/MPS v3 platform.

Important services to be restarted:


The following services will be restarted by Verio as part of the update:

  • ClamAV
  • saslauthd

 

Possible Action Needed


The following VPS/MPS v3 updates may require additional attention or action to take advantage of the full benefits of the update. Any possible actions are listed at the end of the individual update information.

Mysql-5.1.47
The vinstall for Mysql 5 will be upgraded to version 5.1.47 to address the security vulnerability discussed here:

http://www.doecirc.energy.gov/bulletins/t-373.shtml

To upgrade existing installations of Mysql 5.1, connect to your server through SSH and execute the following from the command prompt:

# vinstall mysql5.1
Postgresql-8.2.13
The vinstall for Postgresql8 will be upgraded to version 8.2.13.

To upgrade existing installations of Postgresql8, connect to your server through SSH and execute the following from the command prompt:

# vinstall postgresql8
Squirrelmail-1.4.19
Squirrelmail will be upgraded to version 1.4.19.

To upgrade existing installations of Squirrelmail, connect to your server through SSH and execute the following from the command prompt:

# vinstall squirrelmail
Wordpress-2.8.4
Wordpress will be upgraded to version 2.8.4.

To upgrade existing installations of Wordpress, connect to your server through SSH and execute the following from the command prompt:

# vinstall wordpress
Webalizer-2.21.2
Webalizer will be upgraded to version 2.21.2.

No Action Needed


The following VPS/MPS v3 updates do not require action by customers to take advantage of the full benefits of the update. Some services may be rebooted as part of the update.

ClamAV-0.96.1
ClamAV will be upgraded to version 0.96.1. In addition, the clamav db in /skel will be updated so freshclam takes less time to complete on a new install.

The clamav vuninstall will be updated so that the clamd process will be disabled from starting up on restart of the server.
proftpd.conf
A problem was occurring with some FTP clients connecting with SSL. To address this problem, the TLSEngine and TLSUseSSCert directives will be moved inside an <IfModule mod_tls.c> block and a disabled TLSOptions of NoSessionReuseRequired will be added with an explanation as shown here:
<IfModule mod_tls.c>
TLSEngine               On
TLSUseSSCert            On
#  TLSLog               /var/log/proftp-tls-log
#
# mod_tls only accepts SSL/TLS data connections that reuse the SSL session
# of the control connection, as a security measure.  There are some clients
# (e.g. curl) which do not reuse SSL sessions. Uncomment the following line
# to relax the requirement.
#
#  TLSOptions           NoSessionReuseRequired
</IfModule>
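
To confirm after the dist that a proftpd.conf still matches the settings described in this notice (AllowForeignAddress "Off" on Linux, and NoSessionReuseRequired left commented out), a check like the following can be run against the file. This is an added example, not part of the original notice or Verio's tooling; the function name and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Verio's tooling. Reports proftpd.conf lines that differ
# from the two settings described in this notice. Prints nothing when clean.
audit_proftpd_conf() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }   # blank or commented-out directive
        {
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1]); v = tolower(f[2])
            # An absent AllowForeignAddress is not flagged: the notice says
            # the setting should be off by default.
            if (key == "allowforeignaddress" &&
                v != "off" && v != "no" && v != "false" && v != "0")
                printf "line %d: AllowForeignAddress %s (expected Off)\n", NR, f[2]
            if (key == "tlsoptions")
                for (i = 2; i <= n; i++)
                    if (tolower(f[i]) == "nosessionreuserequired")
                        printf "line %d: NoSessionReuseRequired enabled\n", NR
        }
    ' "$1"
}

# Constructed sample: both settings in the form the update moves away from.
sample=$(mktemp)
cat > "$sample" <<'EOF'
AllowForeignAddress    On
<IfModule mod_tls.c>
TLSEngine              On
TLSUseSSCert           On
TLSOptions             NoSessionReuseRequired
</IfModule>
EOF
audit_proftpd_conf "$sample"
rm -f "$sample"
```

An enabled NoSessionReuseRequired line is not necessarily wrong, since the notice offers it for clients that cannot reuse sessions, but it should be a deliberate choice.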

autoreply
A problem was occurring with autoreply: when the FROM: line spanned multiple lines, autoreply could not parse the FROM: line and send a return message. Autoreply will be updated to address this problem.
Sudo-1.7.2.7
sudo will be upgraded to version 1.7.2.7 to address the security vulnerabilities CVE-2010-1163 and CVE-2010-1646 discussed here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1163
http://portaudit.freebsd.org/d42e5b66-6ea0-11df-9c8d-00e0815b8da8.html

In addition, the current list of sudo commands will be updated to include the vinstall and vuninstall commands.
expose_php
The expose_php line in the php.ini file will be set to “Off” by default. This change is for PCI.
vaddhost
Currently only the non-SSL entry is set up when vaddhost is run with --defaults. vaddhost --default will be updated to add both SSL and non-SSL entries.
vquota
vquota will be updated to address a problem where user soft quotas were allowed to exceed user hard quotas. In addition, non-root filesystems will be filtered out of the vquota output.
vnukelog
vnukelog will be updated to assume the “-a” option when run in a batch (e.g. cron).
Ruby-1.8.7.160_4,1
Ruby will be upgraded to 1.8.7.160.
ruby18-eruby-1.0.5_2
eRuby will be upgraded to version 1.0.5_2.
mod_ruby-1.3.0_1
The mod_ruby Apache module will be updated to version 1.3.0_1.
Python-2.5.5
The Python-2.5 vinstall will be upgraded to version 2.5.5 to address CVE-2009-3560 and CVE-2009-3720.
Python-2.4.5_5.tbz
The Python-2.4 vinstall will be upgraded to version 2.4.5_5.
Metamail vinstall
A problem was occurring with the Metamail vinstall where the vinstall would fail because of a missing dependency. The dependency will be removed from the Metamail vinstall to address this problem.
Samba-3.0.37,1
A problem was occurring with the Samba3 vinstall where the vinstall would fail because of a missing dependency. The Samba3 vinstall will be upgraded to version 3.0.37 to address this problem.
quota command
The quota command will be updated to only show virtual quotas for "/".
Urchin3 vinstall
Urchin3 licenses are no longer available. The Urchin3 vinstall "vinstall urchin" will be removed.
ja-nkf-2.0.9,1
nkf will be upgraded to version 2.0.9.
mutt-devel-lite-1.5.20_1
mutt-ng has been deprecated and will be removed and replaced with mutt-devel using the lite package.
arcconf-v6.10.18359
arcconf will be upgraded to version 6.10.18359.
Portupgrade-2.4.6_3,2
Portupgrade will be upgraded to version 2.4.6.
lcms-1.18a_1,1
lcms will be upgraded to version 1.18a.
m4-1.4.13,1
m4 will be upgraded to version 1.4.13.
Readline-6.0_1
Readline will be upgraded to version 6.0.
unrar-3.90.b4,5
unrar will be upgraded to version 3.90.b4.
Popt-1.14
Popt will be upgraded to version 1.14.
Bash-4.0.24
Bash will be upgraded to version 4.0.24.
PNG-1.2.37
PNG will be upgraded to version 1.2.37.
Libksba-1.0.7
Libksba will be upgraded to version 1.0.7.
GnuTLS-2.8.3
GnuTLS will be upgraded to version 2.8.3 to address the security vulnerabilities CVE-2009-1415, CVE-2009-1416, CVE-2009-1417, and CVE-2009-2730 discussed here:

http://www.gnu.org/software/gnutls/security.html
pinentry-curses-0.7.6
pinentry-curses will be upgraded to version 0.7.6.
Libunrar-3.9.5,1
Libunrar will be upgraded to version 3.9.5.
Vim-Lite-7.2.239
Vim-Lite will be upgraded to version 7.2.239.
Cyrus-sasl-2.1.23
Cyrus-sasl will be upgraded to version 2.1.23.
Cyrus-sasl-saslauthd-2.1.23
Cyrus-sasl-saslauthd will be upgraded to version 2.1.23.
Mime-Support-3.46.1
Mime-Support will be upgraded to version 3.46.1.
Sendmail-rbls
The sendmail-rbls vinstall will be updated to add PBL and Zen to the RBL subscription list.
gtar-1.23
gtar will be upgraded to version 1.23 to address the security vulnerability CVE-2010-0624 discussed here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0624
xz-4.999.9_1
xz (previously called LZMA Utils) will be upgraded to version 4.999.9_1.
gmp-5.0.1
GMP will be upgraded to version 5.0.1.
tiff-3.9.4
tiff will be upgraded to version 3.9.4 to address the security vulnerabilities CVE-2009-2347 and CVE-2010-1411 discussed here:

CVE-2009-2347 - http://portaudit.freebsd.org/8816bf3a-7929-11df-bcce-0018f3e2eb82.html
CVE-2010-1411 - http://portaudit.freebsd.org/313da7dc-763b-11df-bcce-0018f3e2eb82.html
wtmp
A problem was occurring where sshd connections were not being recorded to the /var/log/wtmp file. The wtmp file will now log sshd connections to correct the problem.
gcc-4.2.5.20090325_2
This is the gcc-4.2 package required by the clamav-0.96.x series.
mpfr-2.4.2
Another package that goes with gcc-4.2.xx.



FreeBSD MPS/VPS v2


The following updates will be made to the FreeBSD VPS/MPS v2 platform.

Important services to be restarted:


The following services will be restarted by Verio as part of the update:

  • Apache

 

Possible Action Needed


The following VPS/MPS v2 updates may require additional attention or action to take advantage of the full benefits of the update. Any possible actions are listed at the end of the individual update information.

Squirrelmail-1.4.19
Squirrelmail will be upgraded to version 1.4.19.

To upgrade existing installations of Squirrelmail, connect to your server through SSH and execute the following from the command prompt:

# vinstall squirrelmail

No Action Needed


The following VPS/MPS v2 updates do not require action by customers to take advantage of the full benefits of the update. Some services may be rebooted as part of the update.

Dovecot with Maildir fix
A problem was occurring with accounts using Dovecot with Maildir. When a user’s quota was reached, mail would stop delivering to the Maildir (/home/USERID/Maildir) directory and start delivering to the mbox (/var/mail/USERID) file.

Accounts that use Dovecot with Maildir and do not already have the ORGMAIL line in their global procmailrc file will have their procmail rules updated to include the ORGMAIL line, which addresses the problem, as shown here:

############DOVECOT-START############
DROPPRIVS=yes
DEFAULT=$HOME/Maildir/
MAILDIR=$HOME/Maildir/
ORGMAIL=$HOME/Maildir/
############DOVECOT-END############
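
procmail treats ORGMAIL as its last-resort mailbox when delivery to DEFAULT fails, and ORGMAIL defaults to the system mbox, which is why over-quota mail was landing in /var/mail/USERID on both the Linux and v2 platforms. The following added example (not Verio's update script) applies the same change to a procmailrc passed as an argument and is safe to run twice; the function name and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Verio's update script. Prints the procmailrc in file $1
# with ORGMAIL added to the Dovecot block when no ORGMAIL line exists yet.
ensure_orgmail() {
    if grep -q '^[[:space:]]*ORGMAIL=' "$1"; then
        cat "$1"                      # already set: leave the file as it is
        return 0
    fi
    awk '
        /^#+DOVECOT-END#+$/ && !done {
            print "ORGMAIL=$HOME/Maildir/"   # literal text; procmail expands $HOME
            done = 1
        }
        { print }
    ' "$1"
}

# Constructed sample: a Dovecot block from before the update.
rc=$(mktemp)
cat > "$rc" <<'EOF'
############DOVECOT-START############
DROPPRIVS=yes
DEFAULT=$HOME/Maildir/
MAILDIR=$HOME/Maildir/
############DOVECOT-END############
EOF
ensure_orgmail "$rc"
rm -f "$rc"
```
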
ClamAV db
The clamav db in /skel will be updated so freshclam takes less time to complete on a new install.
autoreply
A problem was occurring with autoreply: when the FROM: line spanned multiple lines, autoreply could not parse the FROM: line and send a return message. Autoreply will be updated to address this problem.
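
The autoreply problem listed for Linux, v3 and v2 comes from header folding: a header line that begins with a space or tab continues the previous line, so the sender address can sit on the second physical line. The following added example (not the autoreply source) contrasts a single-line read with an unfolding parser; the function names and the sample message are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the autoreply source. Handles header folding (RFC 5322):
# a header line that starts with a space or tab continues the previous one.

# Naive approach for contrast: read only the physical line starting "From:".
naive_from() {
    grep -i '^From:' "$1" | head -n 1 | sed 's/^[^:]*:[[:space:]]*//'
}

# Unfold the From: header, stopping at the blank line that ends the headers.
unfolded_from() {
    tr -d '\r' < "$1" | awk '
        /^$/ { exit }                          # end of header block
        /^[ \t]/ && infrom {                   # continuation of From:
            sub(/^[ \t]+/, " "); val = val $0; next
        }
        { infrom = 0 }
        tolower($0) ~ /^from:/ {
            infrom = 1; val = $0; sub(/^[^:]*:[ \t]*/, "", val)
        }
        END { print val }
    '
}

# Address to reply to: the text inside <...> if present, else the whole value.
from_address() {
    v=$(unfolded_from "$1")
    case $v in
        *\<*\>*) printf '%s\n' "$v" | sed 's/.*<\([^<>]*\)>.*/\1/' ;;
        *)       printf '%s\n' "$v" ;;
    esac
}

# Constructed sample message with a folded From: header.
msg=$(mktemp)
cat > "$msg" <<'EOF'
From: "Alice Example (Security Operations)"
 <alice@example.com>
To: bob@example.net
Subject: quarterly
 report

From: this line is body text, not a header
EOF
echo "naive:    $(naive_from "$msg")"
echo "unfolded: $(from_address "$msg")"
rm -f "$msg"
```
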
expose_php
The expose_php line in the php.ini file will be set to "Off" by default.
vnukelog
vnukelog will be updated to assume the "-a" option when run in a batch (e.g. cron).
vrmuser
vrmuser will be updated to only check directives in the Apache configuration (httpd.conf) file where usernames are expected.
eRuby vinstall
A problem was occurring with the eRuby vinstall where the vinstall would fail because of a missing dependency. The dependency will be removed from the eRuby vinstall to correct this problem.
Spamassassin
The Spamassassin vinstall will be updated to include an entry in the crontab file (/etc/crontab) to run sa-update once a day. In addition, existing installs that do not already have sa-update in their crontab file will also receive the update.
CPX Blacklist/Whitelist
A problem was occurring where Spamassassin was not restarting when new entries were added to either the Blacklist or Whitelist through CPX. New entries are not recognized until Spamassassin is restarted. Spamassassin will now restart after a new entry is added to correct the problem.
Urchin3 vinstall
Urchin3 licenses are no longer available. The Urchin3 vinstall "vinstall urchin" will be removed.
aspell-0.60.6_2
aspell will be upgraded to version 0.60.6_2 and will now come preinstalled on the server with the en, cs, cy, da, el, es, it, nl, and sy dictionaries. In addition, the vinstall will be removed as it is no longer needed.

 

Note: This notification reflects the best knowledge of code and feature updates for this release. Changes can be made to the information herein; these changes will be distributed in new notifications. AlpineWeb might make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time.