Ike.ninja

(Nov 29) It was discovered that nbd-server, the server for the Network Block Device protocol, did incorrect parsing of the access control lists, allowing access to any hosts with an IP address sharing a prefix with an allowed address. [More…]

(Nov 25) Andrew Tinits reported a potentially exploitable buffer overflow in the Mozilla Network Security Service library (nss). With a specially crafted request a remote attacker could cause a denial of service or possibly execute arbitrary code. [More…]

The following issues were resolved:

[-] Domains were suspended due to mailbox quota overuse. (PPPM-1018)
[-] Plesk Panel showed the 502 Bad Gateway error page when users opened directories containing a large number of files in File Manager. (PPPM-785)
[-] Users were unable to back up sites if their vhost.conf files contained umlauts in comments. (PPPM-1094)
[-] Transfer of IDN domains failed. (PPPM-1090)
[-] Users were unable to restore data from password-protected backups by means of command-line tools. They encountered the error “Unable to decrypt backup by specified key”. (PPPM-1051)

(Nov 26) Multiple vulnerabilities were discovered in Quagga, a BGP/OSPF/RIP routing daemon: CVE-2013-2236 [More…]

(Nov 25) Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical [More…]

(Nov 20) Updated pacemaker packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More…]

(Nov 20) Updated php packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More…]

(Nov 21) Updated dracut packages that fix one security issue, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More…]

(Nov 21) Ivan Fratric of the Google Security Team discovered a bug in nginx, a web server, which might allow an attacker to bypass security restrictions by using a specially crafted request. [More…]

(Nov 21) Updated busybox packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More…]

(Nov 20) Several security issues were fixed in Firefox.

(Nov 20) The update for curl in DSA-2798-1 uncovered a regression affecting the curl command line tool behaviour (#729965). This update disables host verification too when using the –insecure option. [More…]

(Nov 21) Updated 389-ds-base packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More…]

The following features were added:

[+] (Windows) BIND DNS server was updated to version 9.9.4-P1, CVE-2013-6230 vulnerability is closed.
[+] (Windows) Horde webmail was updated to version 5.1.5, CVE-2013-6275 vulnerability is closed.

The following issues were resolved:

[-] The piped logging feature did not write access_logs for add-on domains and subdomains.
[-] Plesk could not register PHP handlers because of wrong directives in php.ini or if running php -v returned exit code 1. (PPPM-808, PPPM-885)
[-] Chained SSL certificates no longer worked with nginx after upgrade.
[-] During upgrade to Plesk 11.5, the directories of add-on domains were incorrectly relocated in the new structure of virtual hosts.

The first beta of the 3.8 is now available, and the next dates to watch out for are code freeze on December 5th and a final release on December 12th. 3.8 brings together several of the features as plugins projects and while this isn’t our first rodeo, expect this to be more beta than usual. […]