(Jan 30) Lawrence Pit discovered that Ruby on Rails, a web development framework, is vulnerable to a flaw in the parsing of JSON to YAML. Using a specially crafted payload attackers can trick the backend into decoding a subset of YAML. [More…]
Archive for January, 2013
(Jan 30) Several security issues were fixed in Inkscape.
(Jan 30) squid-cgi could consume excessive system resources, leading to a denial of service attack on it and other hosted services.
(Jan 30) Updated openstack-glance packages that fix one security issue are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having [More…]
(Jan 30) Updated openstack-nova packages that fix two security issues and multiple bugs are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having [More…]
The following new features have been implemented:
[+] Moving of services between Apache and MySQL service nodes (126520)
[+] DNS template management. Administrators can customize the structure of the DNS template (126593)
[+] Spam filter settings management. Administrators can manage the settings of SpamAssassin spam filter (126593)
[+] Application settings management. Administrators can manage the settings of applications (126593)
[+] When tasks, such as creating user accounts, may take much time to complete, administrators are now informed about it and are advised to check with Task Manager (126614)
[+] Administrators can now remove additional license keys through License Manager (106929)
The following bugs have been fixed:
[-] Administrators could not remove customer accounts. The following error occurred: “Internal error: HTTP request to SSO server failed” (126308)
[-] PPA could not automatically upgrade license keys for Plesk for Windows (128324)
[-] Auto-reply messages could not be shown by mail clients due to incorrectly specified MIME type (128144)
[-] Corrupted firewall rules prevented administrators from attaching service nodes to the management node (128333)
[-] PPA did not properly terminate user sessions after users logged out of Panel (128069)
[-] On attempting to connect SmarterMail nodes, administrators encountered the following error: “Unknown hosting object type: ‘subscription_apsmail’:” (127802)
[-] Statistics collection scripts could not properly determine the usage of mailboxes on SmarterMail nodes (128173)
[-] Administrators could not allocate dedicated IP addresses for web hosting inside Parallels Virtuozzo Containers (126452)
[-] A daily maintenance task was started twice a day (128204)
[-] Apache could not pick up custom configurations from the vhost.conf files (128216)
Netcraft began its Web Server Survey in 1995 and has tracked the deployment of a wide range of scripting technologies across the web since 2001. One such technology is PHP, which Netcraft presently finds on well over 200 million websites. The first version of PHP was named Personal Home Page Tools (PHP Tools) when it was […]
The following new functionality has been added:
[+] (Linux only) MySQL Server 5.5 packaged by Parallels has been updated to 5.5.28 on CentOS 5 (128183)
[+] (Windows only) Support for mailnames with apostrophe symbol has been added (28985)
The following bug has been fixed:
[-] (Linux only) Parallels Premium Outgoing Antispam Mail Statistics uses the system PHP interpreter instead of /usr/local/psa/bin/sw-engine-pleskrun, which can produce PHP errors (122227)
The following Plesk Service Tool has been improved:
[*] Plesk Service Backup Tool. New options and usage scenarios have been added. Details in article http://kb.parallels.com/113252
(Jan 29) Nova volume could be made to expose volumes from other users.
(Jan 29) Glance could be made to expose sensitive information over the network.
(Jan 28) FFmpeg could be made to crash or run programs as your login if it opened a specially crafted file.
(Jan 28) libssh could be made to crash if it received specially crafted network traffic.
(Jan 28) Updated libvirt packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More…]
January 28, 2013 Houston, TX- cPanel Inc., announces the release of cPanel & WHM 11.36 to the CURRENT tier. Included in this brand new release are further improvements to the update system, building on work started with cPanel & WHM 11.30. A new staging step during installation allows a variety …
Enterprise Monitor product. You can subscribe to RSS or Atom feeds, linked from this page, to
This is the notification of the End of Life for cPanel & WHM 11.30. The 18-month lifetime of cPanel & WHM 11.30 ends now. The last release of cPanel & WHM 11.30, being 11.30.8.0, will remain on our mirrors indefinitely. You may continue using this last release, however no updates …
(Jan 24) It was discovered that a bug in the server capability negotiation code of ircd-ratbox could result in denial of service. For the stable distribution (squeeze), this problem has been fixed in [More…]
(Jan 22) Vino could be made to expose sensitive information over the network.
WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. For a full list of changes, consult the list of tickets and the changelog, which include: Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare […]
(Jan 22) Several security issues were fixed in MySQL.
(Jan 22) PHP could be made to expose sensitive information over the network.
(Jan 21) An updated vino package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More…]
Netcraft’s phishing site countermeasures service helps organisations targeted by phishing attacks remove the fraudsters’ forms as quickly as possible. Recently we became aware that our median times for takedowns are very much better than the industry average calculated by the Anti-Phishing Working Group (APWG) in its most recent Global Phishing Survey. The APWG found that phishing […]
The following new functionality has been added:
[+] (Linux only) Support for mailnames with apostrophe symbol has been added (28985)
[+] CentOS 5.9 support has been added.
The following bugs have been fixed:
[-] MySQL databases with views can’t be restored (121083)
[-] (Linux only) Unable to assign SSL certificates to dedicated IPs for migrated customers (98328)
[-] Empty error message in response at license key rollback via API-RPC.
(Jan 22) An input sanitation problem has been found in upgrade functions of movabletype-opensource, a web-based publishing platform. Using carefully crafted requests to the mt-upgrade.cgi file, it would be possible to inject OS commands and SQL queries. [More…]
(Jan 21) Insufficient input sanitization in Ganglia, a web based monitoring system, could lead to remote PHP script execution with permissions of the user running the web browser. [More…]
(Jan 22) Several security issues were fixed in the kernel.
(Jan 22) USN-1681-1 introduced a regression in Firefox.
(Jan 22) Updated mysql packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More…]