Server Software Update Notification: 02-16-2011

This notice contains information for the group of server updates (or dist) occurring February 14, 2011 through February 16, 2011 in all datacenters. Until that time, all of the information included in this document is subject to change.

Important updates in this Notification:

The following updates affect popular or important services and programs:

• Dovecot (Linux and v3)
• Perl (v3)
• PHP (Linux and v3)
• Apache (v2)
• OpenSSL (Linux and v3)
• Postgresql (v3)
• Wordpress (Linux)

Linux VPS/MPS

The following updates will be made to the Linux VPS/MPS platform.

Important services to be restarted:

The following services will be restarted by Verio as part of the update:

• Dovecot
• named (Bind)
• FDR
• Apache
• Sendmail

Possible Action Needed

The following Linux VPS/MPS updates may require additional attention or action to take advantage of the full benefits of the update. Any possible actions are listed at the end of the individual update information.

PHP-5.2.17

The vinstall for PHP5 will be upgraded to version 5.2.17.

To upgrade existing installations of PHP5, connect to your server through SSH and execute the following from the command prompt:

# vinstall php5

In addition the Chasen, Kakasi, and Mamazu PHP extensions will link into the latest revision of php5.2.x.

Wordpress-3.0.1

The Wordpress vinstall will be upgraded to version 3.0.1 to correct the permissions assigned to the upload directory for the primary host.

To upgrade existing installations of Wordpress, connect to your server through SSH and execute the following from the command prompt:

# vinstall wordpress

No Action Needed

The following Linux VPS/MPS updates do not require action by customers to take advantage of the full benefits of the update. Some services may be rebooted as part of the update.

Bind 9.3.6

Bind will be upgraded to version 9.3.6 to address security vulnerabilities (CVE-2010-3762, CVE-2010-3613 and CVE-2010-3614 discussed here:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3762

Dovecot 1.2.16

Dovecot will be upgraded to version 1.2.16.

OpenSSL-0.9.7a-43.17.6

OpenSSL will be upgraded to version 0.9.7a to address the security vulnerability (CVE-2009-3245) discussed here:

https://rhn.redhat.com/errata/RHSA-2010-0977.html

bash-3.0-21.2

Bash will be upgraded to version 3.0-21.2.

FreeBSD VPS/MPS v3

The following updates will be made to the FreeBSD VPS/MPS v3 platform.

Important services to be restarted:

The following services will be restarted by Verio as part of the update:

• Dovecot
• named (Bind)
• Apache
• Sendmail
• vsapd
• spamd (Spamassassin)

Possible Action Needed

The following VPS/MPS v3 updates may require additional attention or action to take advantage of the full benefits of the update. Any possible actions are listed at the end of the individual update information.

PHP-5.2.17

The vinstall for PHP5 will be upgraded to version 5.2.17.

To upgrade existing installations of PHP5, connect to your server through SSH and execute the following from the command prompt:

# vinstall php5

In addition the Chasen, Kakasi, and Mamazu PHP extensions will link into the latest revision of php5.2x.

Postgresql-8.4.5

The vinstall for Postgresql will be upgraded to version 8.4.5

To upgrade existing installations of Postgresql8, connect to your server through SSH and execute the following from the command prompt:

# vinstall postgresql8

No Action Needed

The following VPS/MPS v3 updates do not require action by customers to take advantage of the full benefits of the update. Some services may be rebooted as part of the update.

Bind 9.6-ESV-R3

Bind will be upgraded to version 9.6-ESV-R3 to address security vulnerabilities (CVE-2010-3613 and CVE-2010-3614) discussed here:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3613

Dovecot 1.2.16

Dovecot will be upgraded to version 1.2.16.

OpenSSL-1.0.0c

OpenSSL will be upgraded to the version 1.0.0c to address the security vulnerability (CVE-2010-4180, CVE-2010-4252, and CVE-2010-3864) discussed here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180

In addition, OpenSSL 0.9.8 will be upgraded to the version 0.9.8q.

Spamassassin 3.1.3

Spamassassin will be upgraded to version 3.1.3.

Perl 5.8.9

Perl will be upgraded to version 5.8.9.

arcconf-v6.50.18570

arcconf will be upgraded to version 6.50.18570. In addition, the daily status check script via the periodic.conf will be enabled.

FreeBSD VPS/MPS v2

The following updates will be made to the FreeBSD VPS/MPS v2 platform.

Important services to be restarted:

The following services will be restarted by Verio as part of the update:

• Apache

No Action Needed

The following VPS/MPS v2 updates do not require action by customers to take advantage of the full benefits of the update. Some services may be rebooted as part of the update.

Apache 1.3.42

Apache1.x will be upgraded to version 1.3.42.

Note: This notification reflects the best knowledge of code and feature updates for this release. Changes can be made to the information herein; these changes will be distributed in new notifications. AlpineWeb might make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time.