Security Advisory 2013-08-26

Aug27
by Ike on August 27, 2013 at 2:07 pm
Posted In: Community, cPanel, Hosting, News, security

SUMMARY

The PHP development team announces the immediate availability of PHP 5.4.19 and PHP 5.5.3. These releases fix a bug in the patch for CVE-2013-4248 in the OpenSSL module and a compile failure with ZTS enabled in PHP 5.4. All PHP users are encouraged to upgrade to either PHP 5.5.3 or PHP 5.4.19. cPanel has released EasyApache 3.22.7 with PHP 5.5.3 and 5.4.19 to address this issue.

AFFECTED VERSIONS

All versions of PHP5.5 before 5.5.3 and PHP5.4 before 5.4.19.

SECURITY RATING

The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2013-4248 – MEDIUM

PHP 5.5.3

Fixed UMR (Unitialized Memory Read) bug in the original fix for CVE-2013-4248.

PHP 5.4.19

Fixed UMR (Unitialized Memory Read) bug in the original fix for CVE-2013-4248.

SOLUTION

cPanel, Inc. has released EasyApache 3.22.7 with updated versions of PHP5.4 and PHP5.5 to correct these issues. Unless EasyApache updates are disabled on your system, the latest version of EasyApache will be used whenever EasyApache is run.

For the PGP signed message, please go here.

└ Tags: , , , , ,
 Comment 

Debian: 2740-1: python-django: cross-site scripting vulner

Aug27
by Ike on August 27, 2013 at 12:44 am
Posted In: Other

(Aug 23) Nick Brunn reported a possible cross-site scripting vulnerability in python-django, a high-level Python web development framework. The is_safe_url utility function used to validate that a used URL is on [More…]

└ Tags: , , ,
 Comment 

Debian: 2741-1: chromium-browser: Multiple vulnerabilities

Aug27
by Ike on August 27, 2013 at 12:41 am
Posted In: Other

(Aug 25) Several vulnerabilities have been discovered in the Chromium web browser. CVE-2013-2887 [More…]

└ Tags:
 Comment 

Parallels Plesk Automation 11.1 MU#14

Aug26
by Ike on August 26, 2013 at 6:22 am
Posted In: Plesk, Releases

The 11.1 MU#14 update is recommended for all Plesk Automation users and includes general functionality fixes that improve the stability, compatibility, and security of your Plesk Automation server.
This update includes internal improvement regarding to reporting of license keys statistics to KA and a couple of bug fixes to improve stability of PPA utility “service node checker”.

To ensure optimal server reliability and security, Parallels strongly recommends keeping your operating system and Plesk Automation software up-to-date.

What’s Changed

[*] The stability of the check_service_node utility was improved.

└ Tags: , , ,
 Comment 

Ubuntu: 1933-1: Linux kernel (OMAP4) vulnerabilities

Aug24
by Ike on August 24, 2013 at 12:25 am
Posted In: Other

(Aug 20) Several security issues were fixed in the kernel.

└ Tags:
 Comment 

50 queries. 8.75 mb Memory usage. 0.254 seconds.