(Aug 29) Multiple security issues have been found in Icedove, Debian’s version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, missing permission checks and other implementation errors may lead to the execution of arbitrary code or cross-site scripting. [More…]
Archive for August, 2013
We are pleased to introduce new updated Release Notes!
You can now find an additional tab there about Upgrade Impacts:
http://download1.parallels.com/Plesk/PP11/11.5/release-notes/parallels-plesk-panel-11.5-impacts-for-linux-based-os.html
http://download1.parallels.com/Plesk/PP11/11.5/release-notes/parallels-plesk-panel-11.5-impacts-for-windows-based-os.html
We would like to ask our Plesk community for its opinion on these changes:
• Do you think Upgrade Impacts are useful?
• What kind of information is missing from Upgrade Impacts?
• What kind of information present in Upgrade Impacts is important/helpful, so we should continue to add it?
• What kind of information present in Upgrade Impacts is useless, so we should remove it?
• What other improvements to the Plesk Release Notes do you want?
Please share your feedback!
(Aug 27) Pedro Ribeiro and Huzaifa S. Sidhpurwala discovered multiple vulnerabilities in various tools shipped by the tiff library. Processing a malformed file may lead to denial of service or the execution of arbitrary code. [More…]
(Aug 29) Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: [More…]
(Aug 27) Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More…]
(Aug 28) Updated 389-ds-base packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More…]
TSR-2013-0009 Announcement: cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact levels …
(Aug 26) It was discovered that PHP, a general-purpose scripting language commonly used for web application development, did not properly process embedded NUL characters in the subjectAltName extension of X.509 certificates. Depending on the application and with [More…]
(Aug 27) Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a privilege escalation or information leak. The Common Vulnerabilities and Exposures project identifies the following problems: [More…]
SUMMARY: The PHP development team announces the immediate availability of PHP 5.4.19 and PHP 5.5.3. These releases fix a bug in the patch for CVE-2013-4248 in the OpenSSL module and a compile failure with ZTS enabled in PHP 5.4. All PHP users are encouraged to upgrade to either PHP 5.5.3 …
(Aug 23) Nick Brunn reported a possible cross-site scripting vulnerability in python-django, a high-level Python web development framework. The is_safe_url utility function used to validate that a used URL is on [More…]
(Aug 25) Several vulnerabilities have been discovered in the Chromium web browser. CVE-2013-2887 [More…]
The 11.1 MU#14 update is recommended for all Plesk Automation users and includes general functionality fixes that improve the stability, compatibility, and security of your Plesk Automation server.
This update includes an internal improvement to the reporting of license key statistics to KA and a couple of bug fixes that improve the stability of the PPA utility “service node checker”.
To ensure optimal server reliability and security, Parallels strongly recommends keeping your operating system and Plesk Automation software up-to-date.
What’s Changed
[*] The stability of the check_service_node utility was improved.
(Aug 20) Several security issues were fixed in the kernel.
(Aug 20) Several security issues were fixed in the kernel.
(Aug 21) Updated condor packages that fix one security issue are now available for Red Hat Enterprise MRG 2.3 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More…]
[*] Security improvements.
The following issues were resolved:
[-] (Linux only) Virtual host templates stopped working after installation of Plesk 11.0.9 Update #57. (141716)
[-] Websites could not be opened in the Presence Builder editor if they used the Commenting module and the corresponding Disqus accounts were inaccessible. (117507)
[-] (Linux only) Plesk API incorrectly reported about removed packages. (126317)
[-] (Linux only) Execution of statistics calculation for a single domain resulted in the deletion of FTP log records for other domains. (122407)
[*] Security improvements.
[*] Security improvements.
(Aug 21) Two security issues (SQL injection and command line injection via SNMP settings) were found in Cacti, a web interface for graphing of monitoring systems. [More…]
(Aug 20) Several security issues were fixed in the kernel.
(Aug 20) Several security issues were fixed in the kernel.
(Aug 21) Updated condor packages that fix one security issue are now available for Red Hat Enterprise MRG 2.3 for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Aug 21) Updated mongodb and pymongo packages that fix two security issues and add one enhancement are now available for Red Hat Enterprise MRG 2.3 for Red Hat Enterprise Linux 6. [More…]
Is it possible to estimate the revenue of a hosting company based on its public presence — that is, is the number of websites it hosts directly proportional to its market value? By using the market capitalisation (or acquisition purchase price, where appropriate) as a valuation and examining the number of web-facing computers, a […]
SUMMARY: The PHP development team has announced the immediate availability of PHP 5.5.2. This release contains approximately 20 bug fixes, including a security issue in the OpenSSL module (CVE-2013-4248) and a session fixation problem (CVE-2011-4718). All users of PHP are encouraged to upgrade to this release. cPanel has released EasyApache …
[*] (Windows only) MailEnable was upgraded to version 7.50. (141274)
[*] (Windows only) Panel is shipped with Tomcat 7.0.42 and Java Runtime libraries 7 update 25. (141273)
The following issues have been fixed:
[-] (Linux only) Customers could receive the “Mail Not Delivered” messages even if their email was delivered successfully. (119925)
[-] (Linux only) The virus definitions of Parallels Premium Antivirus by Dr. Web were not updated if the default trial license key was used. (139833)
[-] (Linux only) After Panel was upgraded from version 11.0, PHP scripts could no longer be processed by nginx if SELinux was turned on. The following error was recorded in /var/log/php-fpm/error.log: “php-fpm.sock failed (13: Permission denied)”. (140941)
[-] (Linux only) In some cases, Panel did not validate DNS record conflicts if CNAME records were manually modified. The DNS server failed to start. (141147)
[-] (Linux only) The RoundCube webmail was not working due to various errors (PHP errors, memory exhaustion, and so on) if certain classes or functions such as ini_get were disabled in the server-wide php.ini file. (141201)
[-] (Linux only) After upgrading Plesk from version 9.5, customers could no longer back up domains that had subdomains. The following error occurred: “Cannot savedir: Permission denied”. (141214)
[-] (Linux only) The subscription command-line utility could not change the PHP handler for websites. (141238)
[-] (Linux only) Subscriptions could not be synchronized with a service plan if the plan was created using command-line utilities and access to shell was not allowed or was set to chroot. (141254)
[-] (Linux only) The allow and deny access directives of Apache .htaccess worked incorrectly if a reverse proxy in nginx was enabled. (141265)
[-] (Linux only) If Panel was installed without updates, and updates were installed afterwards, email messages could not be sent. The following error occurred: “Warning: the Postfix sendmail command must be installed without set-uid root file permissions”. (141283)
[-] (Linux only) Administrators were unable to turn off the nginx reverse proxy. The following error occurred: “Service /etc/init.d/nginx failed to stop”. (141297)
[-] (Linux only) Customers could not disable DomainKeys email signing on domains after it had been enabled. (141316)
[-] The help page of the dns command-line utility was not localized. (141368)
[-] The help page of the server_dns command-line utility contained errors. (141374)
[-] Backing up to external FTP repositories did not work properly. (141100 and 141338)
[-] Updating of reseller service plans via API-RPC could result in the following error: “PHP Fatal error: Call to undefined method”. (141439)
[-] After upgrading from Plesk 9 it was impossible to remove email accounts with mail forwarding. The following error occurred: “PHP Fatal error: Call to undefined method”. (141453)
[-] Customers could use webmail on their domains even if the domains were suspended. (84187)
[-] (Linux only) Qmail did not accept email messages sent to mailing lists on domain aliases. The following error occurred: “550 sorry, no mailbox here by that name. (#5.7.17)”. (107619)
[-] (Linux only) Panel failed to migrate the Mailman data and settings if the default locale of the source server was German. (133147)
[-] Panel failed to migrate mail relay settings from Plesk 9.x with the error “Unable to set relaying type”. (140277)
[-] (Linux only) Panel failed to migrate databases that use latin-1 character set. In the migrated databases, non-ASCII characters were replaced with question marks. (141027)
[-] Panel did not pass database user passwords to event handlers. (141261)
[-] (Linux only) When administrators executed the statistics utility for a single domain, Panel removed FTP log records for other domains. (141378)
[-] Email notifications about resource overuse that were sent on behalf of the administrator contained wrong sender email addresses. (141380)
[-] Administrators had to complete the post-install configuration of Panel before they could use the server_dns command-line utility. (141502)
[-] Security improvements. (141537)
[-] (Linux only) Kaspersky Antivirus could not be switched on via the API-RPC. (141491)
[-] (Linux only) Message submission did not work after installing updates on Panel 11.5.30. (141740)
[-] (Windows only) Domains could not be migrated from Plesk 9 if mail accounts on source servers had a password containing a quotation mark (“). (141054)
[-] (Windows only) AWStats statistics processed log files very slowly because of excessive DNS lookups. (137500)
[-] (Windows only) IP addresses that were no longer used could not be removed from the server IP pool. The following error occurred: “The IP address x.x.x.x is already used for hosting”. (141139)
[-] (Windows only) Panel did not include some DNS records from the server-wide DNS template into DNS zones of newly created domains. (132577)
[-] (Windows only) Users were unable to log in to Control Panel from Customer & Business Manager by clicking Business Operations > Subscriptions > <subscription name> > Log In. They encountered the following error: “Internal error: SQLSTATE[42S22]: Column not found: 1054 Unknown column ‘externalId’ in ‘where clause’.” (141454)
[-] (Windows only) Users were unable to import database backups through phpMyAdmin. (141524)
(Aug 20) Several security issues were fixed in the kernel.
(Aug 20) Several security issues were fixed in the kernel.