Server Software Update Notification: 12-13-2010

Important: This document contains information for the group of server updates (or dist) occurring December 13, 2010 through December 15, 2010 in all datacenters.

Important updates in this Notification:

• The following updates affect popular or important services and programs:
• CPX (Linux, v3, and v2)
• MIME-Lite (Linux, v3 and v2)
• phpMyAdmin (Linux and v3)
• OpenSSL (v3)
• ProFTPd (cPanel)

Linux MPS/VPS

The following updates will be made to the Linux VPS/MPS platform.

Important services to be restarted:

The following services will be restarted by Verio as part of the update:

• Apache
• Vsapd (CPX)

Possible Action Needed

The following Linux MPS/VPS updates may require additional attention or action to take advantage of the full benefits of the update. Any possible actions are listed at the end of the individual update information.

phpMyAdmin

The vinstall for phpMyAdmin will be upgraded to the latest version to address the security vulnerability (PMASA-2010-5) discussed here:

http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php

The vinstall will install phpMyAdmin version 3.3.8 if PHP5 and MySQL5 are running, otherwise the vinstall will install phpMyAdmin version 2.11.11.

To upgrade existing installations of phpMyAdmin, connect to your server through SSH and execute the following from the command prompt:

# vinstall phpmyadmin

No Action Needed

Note

The following Linux VPS/MPS updates do not require action by customers to take advantage of the full benefits of the update. Some services may be rebooted as part of the update.

CPX 2.0.2

CPX 2.0.2 introduces new features and resolves several outstanding issues. With CPX 2.0.2, if clamav-milter or Spamassassin is installed server-wide, then the disable/enable feature will be disabled within the CPX interface. Users will still be able to customize their Spamassassin settings, however an error message will now display when an invalid value is entered for the custom filter level. In addition, the Spamassassin blacklist/whitelist filter will be updated to allow wildcard submissions.

Additional notices have been added including a warning message when adding an email address that already exists, an Apache Restart notice when manually archiving log files, and the Schedule Tasks section within the System Administration module will be updated to give an error if the "Mail To:" address is invalid.

The Address Book will now be limited to 500 contacts in order to prevent a condition which could potentially lock up the account.

This version also addresses several outstanding issues, included in the following:

• Problem occurring when End Users are promoted to a Domain Admin. The newly promoted Domain Admin was unable to create End Users.
• Problem occurring with ownership settings for the cgi-bin directory when adding the CGI Web Service to an existing domain. In addition, the CGI Web Service will be “deselected” by default. Previously it was “selected” by default when adding a new domain.
• If CPX is installed, uninstalling the Apache Perl Module (vuninstall mod_perl) will not be allowed.
• Problem occurring when updating the Address Book if the user is over quota. In addition, a quota exceeded error message will now display.
• CPX incorrectly showing the Apache httpd process as "stopped".
• Updated vadduser to enforce CPX user limits. If a Domain Admin reached their limit with the number of users or email addresses within CPX, it was possible for the Domain Admin to exceed those limits using the vadduser command. In addition, vadduser will be updated to decrease/increase the End User’s quota from the Domain Admin’s overall quota when using vadduser to add an End User.
• Problem when deleting large number of users at one time timing out.
• Problem when compressing/uncompressing large files timing out.
• Problem with Japanese encoding for both upper and lower case letters causing the "From:" and "Subject:" lines to be garbled.
• Japanese translation errors within CPX Onlne Help updated.
• After adding a domain, the Domain list was not displaying the proper number of users assigned to the new domain. The Domain list will now sync with the User list to display the proper number of users.
• Pagination not displaying within the Domain Management module when a Domain Admin was assigned more than 10 domains.
• Fixed broken links when trying to "view" a page created with the File Manager module.
• Problem with "unknown-8bit" encoding in subject line causing CPX to fail.
• Email draft unable to be saved when the "To:", "CC:", or "BCC:" email address is invalid.
• Allow Server Admin to access the email addresses list regardless if they have the mail privilege or not.
• Problem occurring when forwarding an email to an invalid email address.
• Problems with changes to the server Timezone either displaying incorrectly or reverting back to the previous setting.
• Problems with the date format displaying correctly in received email.
• When changing log properties, domains were not preserving their "disabled" status.

MIME-Lite-3.027

The Perl Module:MIME-Lite will be upgraded to version 3.027 to correct a CPX Sent Items issue. In addition, the Perl Modules: MIME-Types-1.30 and Email-Date-Format-1.002 will also be upgraded.

FreeBSD MPS/VPS v3

The following updates will be made to the FreeBSD VPS/MPS v3 platform.

Important services to be restarted:

The following services will be restarted by Verio as part of the update:

• Apache
• Vsapd (CPX)

Possible Action Needed

The following VPS/MPS v3 updates may require additional attention or action to take advantage of the full benefits of the update. Any possible actions are listed at the end of the individual update information.

phpMyAdmin

The vinstall for phpMyAdmin will be upgraded to the latest version to address the security vulnerability (PMASA-2010-5) discussed here:

http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php

The vinstall will install phpMyAdmin version 3.3.8 if PHP5 and MySQL5 are running, otherwise the vinstall will install phpMyAdmin version 2.11.11.

To upgrade existing installations of phpMyAdmin, connect to your server through SSH and execute the following from the command prompt:

# vinstall phpmyadmin

OpenSSL

OpenSSL will be upgraded to version 0.9.8p to address the security vulnerability (CVE-2010-3864) discussed here:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3864

In addition, the port version of OpenSSL will be upgraded to version 1.0.0b (the package version will display as 1.0.0_3). Existing port installations of OpenSSL will need to be updated manually using the new package version.

No Action Needed

Note:

The following VPS/MPS v3 updates do not require action by customers to take advantage of the full benefits of the update. Some services may be rebooted as part of the update.

CPX 2.0.2

CPX 2.0.2 introduces new features and resolves several outstanding issues. With CPX 2.0.2, if clamav-milter or Spamassassin is installed server-wide, then the disable/enable feature will be disabled within the CPX interface. Users will still be able to customize their Spamassassin settings, however an error message will now display when an invalid value is entered for the custom filter level. In addition, the Spamassassin blacklist/whitelist filter will be updated to allow wildcard submissions.

Additional notices have been added including a warning message when adding an email address that already exists, an Apache Restart notice when manually archiving log files, and the Schedule Tasks section within the System Administration module will be updated to give an error if the "Mail To:" address is invalid.

The Address Book will now be limited to 500 contacts in order to prevent a condition which could potentially lock up the account.

This version also addresses several outstanding issues, included in the following:

• Problem occurring when End Users are promoted to a Domain Admin. The newly promoted Domain Admin was unable to create End Users.
• Problem occurring with ownership settings for the cgi-bin directory when adding the CGI Web Service to an existing domain. In addition, the CGI Web Service will be “deselected” by default. Previously it was “selected” by default when adding a new domain.
• If CPX is installed, uninstalling the Apache Perl Module (vuninstall mod_perl) will not be allowed.
• Problem occurring when updating the Address Book if the user is over quota. In addition, a quota exceeded error message will now display.
• CPX incorrectly showing the Apache httpd process as "stopped".
• Updated vadduser to enforce CPX user limits. If a Domain Admin reached their limit with the number of users or email addresses within CPX, it was possible for the Domain Admin to exceed those limits using the vadduser command. In addition, vadduser will be updated to decrease/increase the End User’s quota from the Domain Admin’s overall quota when using vadduser to add an End User.
• Problem when deleting large number of users at one time timing out.
• Problem when compressing/uncompressing large files timing out.
• Problem with Japanese encoding for both upper and lower case letters causing the "From:" and "Subject:" lines to be garbled.
• Japanese translation errors within CPX Onlne Help updated.
• After adding a domain, the Domain list was not displaying the proper number of users assigned to the new domain. The Domain list will now sync with the User list to display the proper number of users.
• Pagination not displaying within the Domain Management module when a Domain Admin was assigned more than 10 domains.
• Fixed broken links when trying to "view" a page created with the File Manager module.
• Problem with "unknown-8bit" encoding in subject line causing CPX to fail.
• Email draft unable to be saved when the "To:", "CC:", or "BCC:" email address is invalid.
• Allow Server Admin to access the email addresses list regardless if they have the mail privilege or not.
• Problem occurring when forwarding an email to an invalid email address.
• Problems with changes to the server Timezone either displaying incorrectly or reverting back to the previous setting.
• Problems with the date format displaying correctly in received email.
• When changing log properties, domains were not preserving their "disabled" status.

MIME-Lite-3.027

The Perl Module:MIME-Lite will be upgraded to version 3.027 to correct a CPX Sent Items issue. In addition, the Perl Modules: MIME-Types-1.30 and Email-Date-Format-1.002 will also be upgraded.

FreeBSD MPS/VPS v2

The following updates will be made to the FreeBSD VPS/MPS v2 platform.

Important services to be restarted:

The following services will be restarted by Verio as part of the update:

• Apache
• Vsapd (CPX)

No Action Needed

The following VPS/MPS v2 updates do not require action by customers to take advantage of the full benefits of the update. Some services may be rebooted as part of the update.

CPX 2.0.2

CPX 2.0.2 introduces new features and resolves several outstanding issues. With CPX 2.0.2, if clamav-milter or Spamassassin is installed server-wide, then the disable/enable feature will be disabled within the CPX interface. Users will still be able to customize their Spamassassin settings, however an error message will now display when an invalid value is entered for the custom filter level. In addition, the Spamassassin blacklist/whitelist filter will be updated to allow wildcard submissions.

Additional notices have been added including a warning message when adding an email address that already exists, an Apache Restart notice when manually archiving log files, and the Schedule Tasks section within the System Administration module will be updated to give an error if the "Mail To:" address is invalid.

The Address Book will now be limited to 500 contacts in order to prevent a condition which could potentially lock up the account.

This version also addresses several outstanding issues, included in the following:

• Problem occurring when End Users are promoted to a Domain Admin. The newly promoted Domain Admin was unable to create End Users.
• Problem occurring with ownership settings for the cgi-bin directory when adding the CGI Web Service to an existing domain. In addition, the CGI Web Service will be “deselected” by default. Previously it was “selected” by default when adding a new domain.
• If CPX is installed, uninstalling the Apache Perl Module (vuninstall mod_perl) will not be allowed.
• Problem occurring when updating the Address Book if the user is over quota. In addition, a quota exceeded error message will now display.
• CPX incorrectly showing the Apache httpd process as "stopped".
• Updated vadduser to enforce CPX user limits. If a Domain Admin reached their limit with the number of users or email addresses within CPX, it was possible for the Domain Admin to exceed those limits using the vadduser command. In addition, vadduser will be updated to decrease/increase the End User’s quota from the Domain Admin’s overall quota when using vadduser to add an End User.
• Problem when deleting large number of users at one time timing out.
• Problem when compressing/uncompressing large files timing out.
• Problem with Japanese encoding for both upper and lower case letters causing the "From:" and "Subject:" lines to be garbled.
• Japanese translation errors within CPX Onlne Help updated.
• After adding a domain, the Domain list was not displaying the proper number of users assigned to the new domain. The Domain list will now sync with the User list to display the proper number of users.
• Pagination not displaying within the Domain Management module when a Domain Admin was assigned more than 10 domains.
• Fixed broken links when trying to "view" a page created with the File Manager module.
• Problem with "unknown-8bit" encoding in subject line causing CPX to fail.
• Email draft unable to be saved when the "To:", "CC:", or "BCC:" email address is invalid.
• Allow Server Admin to access the email addresses list regardless if they have the mail privilege or not.
• Problem occurring when forwarding an email to an invalid email address.
• Problems with changes to the server Timezone either displaying incorrectly or reverting back to the previous setting.
• Problems with the date format displaying correctly in received email.
• When changing log properties, domains were not preserving their "disabled" status.

MIME-Lite-3.027

The Perl Module:MIME-Lite will be upgraded to version 3.027 to correct a CPX Sent Items issue. In addition, the Perl Modules: MIME-Types-1.30 and Email-Date-Format-1.002 will also be upgraded.

cPanel VPS/MPS

The following updates will be sent out to all cPanel VPS/MPS servers occurring December 13, 2010 through December 15, 2010 in all datacenters.

Important updates in this Notification:

The following updates affect popular or important services and programs:

• ProFTPd

Update Reminders

The purpose of this section is to provide a reminder of available significant software updates to those that are not currently using the auto-update feature within cPanel. We strongly recommend keeping auto-updates enabled so these updates are completed automatically for you. However, if auto-updates are NOT enabled then these reminders will help you to know what updates are available so that you can manually apply the update. This section will notify you of the bigger updates available. Not every update that is available will be displayed. Some updates may require additional attention or action to take advantage of the full benefits of the update. Any possible actions are listed at the end of the individual update information.

ProFTPd-1.3.3c

ProFTPd will be updated to version 1.3.3c to address the security vulnerability discussed here:

• http://proftpd.org/
• http://bugs.proftpd.org/show_bug.cgi?id=3521

cPanel accounts that have the automatic updates feature turned ON (default) will receive the ProFTPd update automatically. If the automatic updates feature has been turned OFF, then ProFTPd will need to be updated manually.

No Action Needed

Note:

The following cPanel VPS updates do not require action by customers to take advantage of the full benefits of the update. Some services may be rebooted as part of the update.

Recycle Account

The recycle feature within the cPanel interface will be updated to address an issue that affected some configuration files with special characters in passwords.

Signature

The following updates will be sent out to all Signature servers on the following schedule during the nightly maintenance window.

• Sterling, VA DC on 12/10/10
• San Jose, CA DC on 12/13/10

Apache Core Dump Bug Fix

Updated code so that apache would not undergo a core dump during certain operating conditions. Previously, apache would run unexpected core dumps.

SSL Cert Vulnerability Bug Fix

Updated server encryption settings so that it only supports medium to high encryption. Previously, servers would support low encryption (under 128-bit key strength), which was easily broken.

GlobalSign Intermediate Certificates

Updated Intermediate Cert list to include the following:

• Domain Validated
• Organizational Validated
• Extended Validated
• Extended Validation Root Bundle

Qmail Queue Cleanup

Updated code so that a Qmail cleanup script runs at server reboot. This is to ensure that the qmail queue does not contain old entries. Previously, old qmail entries would remain after a server reboot, which could cause issues with Qmail processes.

Version History Report

Updated code so that the Signature Version history report is updated with latest CP changes.

Joomla! Help Files

Updated code to reflect "Joomla!" functionality in Signature Help. Previously, the help file system did not contain help files for "Joomla!".

ShopSite Display Bug Fix

Updated code so that the heading of the ShopSite landing page will display properly. Previously, the page was showing a broken i

mage.

Note: This notification reflects the best knowledge of code and feature updates for this release. Changes can be made to the information herein; these changes will be distributed in new notifications. AlpineWeb might make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time.