(Jul 29) Bind could be made to crash if it received specially crafted networktraffic.
Comment
The following features have been improved:
[*] (Linux only) The number of CPU cores available to the BIND DNS server is limited to two by default.
[*] (Linux only) After restoring a virtual machine with Panel from a snapshot, Panel updates its license key automatically if necessary.
[*] Extensions SDK improvements. Now extension developers can add the search tools for the lists of objects in their extensions.
[*] Now the mail service works on domains suspended through the Panel GUI.
| Before | Now |
| When a user suspended a domain in the Control Panel, the mail service stopped working. Hence, the owners of mail accounts on this domain could not send and receive emails. | When a user suspends a domain in the Control Panel, the mail service keeps working. Additionally, the user has an option to disable the domain. In this case, the mail service will be stopped as well. |
The following issues have been fixed:
[-] Customers were able to select the Mailbox option on the mail account creation page even if they already reached the limit on mailboxes in the corresponding subscription. (126052)
[-] (Linux only) After upgrading from Panel 11.0.9 to Panel 11.5, Panel did not report errors if it failed to convert mail accounts with mixed-case names to lowercase. (139484)
[-] Security improvements. (139537)
[-] (Linux only) Administrators could not restart nginx and PHP-FPM after changing the system user name of the owner of a website that uses PHP-FPM. (140075)
[-] (Linux only) On the transfer pre-check page, Panel did not inform administrators about potential problems that could occur when Mailman was installed on the source server and was not installed on the destination server. (120244)
[-] (Linux only) The plesk utility did not accept arguments in quotes. (140201)
[-] (Linux only) Panel firewall incorrectly blocked most of outgoing connections. (139010, 139011, 139012)
[-] (Linux only) The warning message on the Forgot your password page was unreadable in the Russian locale. (81562)
[-] Event handlers for the event Subdomain of a default domain created did not work if they were configured to run the subdomain utility. (122382)
[-] (Linux only) The help page for the admin command-line utility did not inform administrators that certain options work only in custom view. (139922)
[-] (Windows only) Customers saw the error 0x800710D8 if they had a subscription that contained a large number of domains (more than 200). (110658)
[-] (Windows only) Panel did not update license keys automatically. (92983)
[-] (Windows only) Panel failed to restore mailboxes with passwords that did not meet the server security requirements. (138318)
[-] (Windows only) The web_statistics_executor.exe utility did not generate statistics for individual domains. (140166)
Debian: 2727-1: openjdk-6: Multiple vulnerabilities
Jul26
on July 26, 2013
at 9:29 pm
Posted In: Uncategorized
(Jul 25) Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. [More…]
Debian: 2726-1: php-radius: buffer overflow
Jul26
on July 26, 2013
at 9:17 pm
Posted In: Uncategorized
(Jul 25) A buffer overflow has been discovered in the Radius extension for PHP. The function handling Vendor Specific Attributes assumed that the attributes given would always be of valid length. An attacker could use this assumption to trigger a buffer overflow. [More…]
(Jul 25) Several security issues were fixed in MySQL.