(Mar 12) Security Report Summary
Archive for March, 2014
(Mar 12) CUPS could be made to run programs as the lp user if it processed a specially crafted file.
(Mar 12) A security issue was fixed in libssh.
Red Hat: 2014:0284-01: kernel: Important Advisory
(Mar 11) Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having [More…]
(Mar 10) Security Report Summary
Ubuntu: 2135-1: Linux kernel (Quantal HWE) vulnerabilities
(Mar 7) Several security issues were fixed in the kernel.
(Mar 10) UDisks could be made to manipulate directories as the administrator.
Red Hat: 2014:0266-01: sudo: Moderate Advisory
(Mar 10) An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate [More…]
I’m excited to announce that the first beta of WordPress 3.9 is now available for testing. WordPress 3.9 is due out next month — but in order to hit that goal, we need your help testing all of the goodies we’ve added: We updated TinyMCE, the software powering the visual editor, to the latest version. […]
SUMMARY cPanel, Inc. has released EasyApache 3.24.12 with PHP versions 5.5.10 and 5.4.26. This release addresses PHP vulnerabilities CVE-2014-1943, CVE-2014-2270, and CVE-2013-7327 by fixing bugs in the Fileinfo and GD modules. We encourage all PHP users to upgrade to PHP versions 5.5.10 and 5.4.26. AFFECTED VERSIONS All versions of PHP …
Debian: 2870-1: libyaml-libyaml-perl: heap-based buffer overflow
(Mar 8) Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, [More…]
Ubuntu: 2136-1: Linux kernel (Raring HWE) vulnerabilities
(Mar 7) Several security issues were fixed in the kernel.
Ubuntu: 2141-1: Linux kernel (OMAP4) vulnerabilities
(Mar 7) Several security issues were fixed in the kernel.
Ubuntu: 2134-1: Linux kernel (OMAP4) vulnerabilities
(Mar 7) Several security issues were fixed in the kernel.
Ubuntu: 2137-1: Linux kernel (Saucy HWE) vulnerabilities
(Mar 7) Several security issues were fixed in the kernel.
Ubuntu: 2133-1: Linux kernel vulnerabilities
(Mar 7) Several security issues were fixed in the kernel.
Ubuntu: 2138-1: Linux kernel vulnerabilities
(Mar 7) Several security issues were fixed in the kernel.
Red Hat: 2014:0230-01: mongodb: Moderate Advisory
(Mar 4) Updated mongodb packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate [More…]
Red Hat: 2014:0229-01: openstack-glance: Moderate Advisory
(Mar 4) Updated openstack-glance packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate [More…]
Ubuntu: 2140-1: Linux kernel vulnerabilities
(Mar 7) Several security issues were fixed in the kernel.
Ubuntu: 2139-1: Linux kernel (OMAP4) vulnerabilities
(Mar 7) Several security issues were fixed in the kernel.
Red Hat: 2014:0232-01: openstack-swift: Moderate Advisory
(Mar 4) Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate [More…]
Red Hat: 2014:0231-01: openstack-nova: Moderate Advisory
(Mar 4) Updated openstack-nova packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. [More…]
What’s Changed
[+] Migration from Helm to Parallels Plesk Automation is now supported.
[*] The stability of the migration tool was improved. In case of network connection problems, operations are repeated several times.
[*] Error reporting in the migration tool was improved.
[*] Now Parallels Plesk Automation performs the proper translation of IP addresses during migration.
[*] Now instructions on attaching service nodes running Windows 2012 R2 are available in the Deployment Guide.
[*] The Integration Guide was updated with information about how to use the API for creating subscriptions with multiple webspaces.
[*] The Integration Guide was updated with information about how to manage DNS zones by means of the API.
[-] Updating of Parallels Plesk Automation could be blocked if users were logged in to it. The following error occurred: “[Errno 2] No such file or directory: ‘/var/cache/ppa/uc_cache/tmpGJ_m8x’”.
[-] Instead of a PHP handler’s php.ini file, the system default php.ini file was used to generate a domain-level php.ini file. As a result, sometimes custom PHP for a domain did not work.
[-] After upgrading from Parallels Plesk Automation 11.1 to 11.5, web statistics stopped working on Apache nodes.
[-] Installation of Parallels Plesk Automation failed if the SELinux configuration file /selinux/enforce was empty or the SELinux utility failed to execute the command ‘/usr/sbin/setenforce’, ‘0’.
[-] Disabled DNS zones could become enabled after syncing settings between the Administration Panel and the Hosting Panel.
[-] The link to user documentation in the Administration Panel led to a wrong page.
[-] Users who used an email address as a username could not use the backup and restoration tools.
[-] Upgrade of Parallels Plesk Automation could fail if YUM was not installed or configured, or if repositories were not accessible.
[-] Upgrade of Parallels Plesk Automation could fail if the management node could not connect to service nodes.
[-] When customers changed or added DNS records by means of the API or the console utility /usr/local/psa/bin/dns, the domain zones were filled with duplicated entries.
[-] Administrators could not add more than 256 IP addresses. The following error occurred: “Internal error: Incorrect format of RTM_GETADDR request response.”
[-] Users could not change the IP addresses of the management node by means of the ppa.ip_address utility. The following error occurred: “APS resource for ‘/aps/2/application/dns-record-mx/f81a9762-6149-42fa-8689-4ac20fff61b1’ with id ‘4555’ hasn’t been deleted. Error code: 500.”
[-] Users could not view the web server access logs for add-on domains on Apache-based hosting.
[-] After suspending and unsuspending domains hosted on IIS, users could no longer manage files in File Manager. The following error occurred: “Internal error: Unable to logon user (<host name>sub6_83s): (1331) Logon failure: account currently disabled.”
[-] Users could not transfer subscriptions that used Microsoft SQL Server databases to Parallels Plesk Automation.
[-] IIS-based subscriptions could not be completely removed. Some configuration files remained in the file system after removal.
[-] Administrators could not add service nodes when the root login on the nodes was disabled, and sudo was enabled for another user.
[-] Administrators could not log in to a customer’s Hosting Panel from Parallels Business Automation Standard. The following error occurred: “Error: Logged user has no access to the subscription”.
[-] IIS-based sites using MySQL were working very slowly.
[-] Users could not create a webspace on an already existing domain.
[-] The migration tool failed to update itself.
[-] Users could not migrate subscriptions from Plesk 11.5 to Parallels Plesk Automation 11.5. The following error occurred: “Line 177 error: Element ‘cron’, attribute ‘encoding’: The attribute ‘encoding’ is not allowed.”
[-] Users could not migrate subscriptions from Plesk for Linux to Parallels Plesk Automation, if the default Linux Shared Hosting service template was used. The following error occurred: “Mail content transfer from Qmail/Postfix to SmarterMail mail service is not supported. Assign this subscription to a service template which offers Postfix mail service.”
[-] Users could not migrate Microsoft SQL Server databases. The following error occurred: “Subscription is assigned to PPA service template <template name> that has no Microsoft SQL database service. Assign this subscription to a service template which offers Microsoft SQL database service.”
[-] Users could not migrate from Plesk for Windows to Parallels Plesk Automation. The following error occurred: “[ERROR] check-infrastructure| Failed to check disk space requirements. Exception message: (u'Failed to detect Plesk virtual hosts directory, reg query output is incorrect: %s', u'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control Session Manager\Environment plesk_vhosts REG_EXPAND_SZ D:\vhosts ')”
[-] Migration from H-Sphere could fail even if there was a single subscription with issues.
[-] During migration from Expand, users failed to run the ppa-transfer check.
The Joomla! Project and the Production Leadership Team are proud to announce the release of Joomla! 3.2.3, which is a security release and also resolves a significant number of issues and bugs.
If you are currently running Joomla! 3.2, we urge you to apply this update immediately via either the one-click update or the update downloads available at http://www.joomla.org/download.html. For other versions of the 3.x series, applying the update is recommended as soon as possible.
- Project: Joomla!
- SubProject: CMS
- Severity: Moderate
- Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
- Exploit type: Unauthorised Logins
- Reported Date: 2014-February-21
- Fixed Date: 2014-March-06
- CVE Number: Pending
Description
Inadequate checking allowed unauthorised logins via GMail authentication.
Affected Installs
Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
Solution
Upgrade to version 2.5.19 or 3.2.3
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: CMS
- Severity: Moderate
- Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
- Exploit type: XSS Vulnerability
- Reported Date: 2014-March-05
- Fixed Date: 2014-March-06
- CVE Number: Pending
Description
Inadequate escaping leads to XSS vulnerability.
Affected Installs
Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
Solution
Upgrade to version 2.5.19 or 3.2.3
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: CMS
- Severity: Moderate
- Versions: 3.1.2 through 3.2.2
- Exploit type: XSS Vulnerability
- Reported Date: 2014-March-04
- Fixed Date: 2014-March-06
- CVE Number: Pending
Description
Inadequate escaping leads to XSS vulnerability in com_contact.
Affected Installs
Joomla! CMS versions 3.1.2 through 3.2.2
Solution
Upgrade to version 3.2.3
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: CMS
- Severity: High
- Versions: 3.1.0 through 3.2.2
- Exploit type: SQL Injection
- Reported Date: 2014-February-06
- Fixed Date: 2014-March-06
- CVE Number: Pending
Description
Inadequate escaping leads to SQL injection vulnerability.
Affected Installs
Joomla! CMS versions 3.1.0 through 3.2.2
Solution
Upgrade to version 3.2.3
Contact
The JSST at the Joomla! Security Center.