(Jul 29) Yarom and Falkner discovered that RSA secret keys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system. [More…]
(Jul 27) Maxim Shudrak and the HP Zero Day Initiative reported a denial of service vulnerability in BIND, a DNS server. A specially crafted query that includes malformed rdata can cause named daemon to terminate with an assertion failure while rejecting the malformed query. [More…]
(Jul 28) OpenAFS, the implementation of the distributed filesystem AFS, has been updated to no longer use DES for the encryption of tickets. Additional migration steps are needed to fully set the update into effect. For more information please see the upstream advisory: [More…]
(Jul 29) Bind could be made to crash if it received specially crafted networktraffic.
[*] Now the mail service works on domains suspended through the Panel GUI.
| Before | Now |
| When a user suspended a domain in the Control Panel, the mail service stopped working. Hence, the owners of mail accounts on this domain could not send and receive emails. | When a user suspends a domain in the Control Panel, the mail service keeps working. Additionally, the user has an option to disable the domain. In this case, the mail service will be stopped as well. |
The following issues have been fixed:
[-] Customers were able to select the Mailbox option on the mail account creation page even if they already reached the limit on mailboxes in the corresponding subscription. (126052)
[-] (Linux only) After upgrading from Panel 11.0.9 to Panel 11.5, Panel did not report errors if it failed to convert mail accounts with mixed-case names to lowercase. (139484)
[-] Security improvements. (139537)
[-] (Linux only) Administrators could not restart nginx and PHP-FPM after changing the system user name of the owner of a website that uses PHP-FPM. (140075)
[-] (Linux only) On the transfer pre-check page, Panel did not inform administrators about potential problems that could occur when Mailman was installed on the source server and was not installed on the destination server. (120244)
[-] (Linux only) The plesk utility did not accept arguments in quotes. (140201)
[-] (Linux only) Panel firewall incorrectly blocked most of outgoing connections. (139010, 139011, 139012)
[-] (Linux only) The warning message on the Forgot your password page was unreadable in the Russian locale. (81562)
[-] Event handlers for the event Subdomain of a default domain created did not work if they were configured to run the subdomain utility. (122382)
[-] (Linux only) The help page for the admin command-line utility did not inform administrators that certain options work only in custom view. (139922)
[-] (Windows only) Customers saw the error 0x800710D8 if they had a subscription that contained a large number of domains (more than 200). (110658)
[-] (Windows only) Panel did not update license keys automatically. (92983)
[-] (Windows only) Panel failed to restore mailboxes with passwords that did not meet the server security requirements. (138318)
[-] (Windows only) The web_statistics_executor.exe utility did not generate statistics for individual domains. (140166)
50 queries. 8.5 mb Memory usage. 0.768 seconds.