Server Software Update Notification: 10-16-2006 ** Critical Update **

Dada Mail » AlpineWeb VPS Hosting » Archives » Server Software Update Notification: 10-16-2006 ** Critical Update **

Date: October 16th 2006

The following emergency updates were completed late Tuesday (10/10/2006) on all servers:

FreeBSD VPS v2:

* OpenSSH

The portable OpenSSH connectivity tool was updated to version 4.4p1,1. This version addresses denial of service security issues, CVE-2006-4924 and CVE-2006-5051, discussed here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051

More information about version 4.4p1,1 can be found here:

http://www.freebsd.org/cgi/getmsg.cgi?fetch=9801+0+/usr/local/www/db/text/2006/cvs-all/20061008.cvs-all
http://www.freebsd.org/cgi/getmsg.cgi?fetch=329946+0+/usr/local/www/db/text/2006/cvs-all/20061008.cvs-all

No action needed.

* OpenSSL

The OpenSSL toolkit for SSL/TLS was updated to version 0.9.7l. This version addresses denial of service and buffer overflow security issues CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, and CVE-2006-4343, discussed here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
http://www.openssl.org/news/secadv_20060928.txt

More information about 0.9.7l can be found here:

http://cvs.openssl.org/getfile?f=openssl/CHANGES
http://www.openssl.org/news/announce.html

No action needed.

FreeBSD VPS v1:

* OpenSSH

The portable OpenSSH connectivity tool was updated to version 4.4p1,1. This version addresses denial of service security issues, CVE-2006-4924 and CVE-2006-5051, discussed here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051

More information about version 4.4p1,1 can be found here:

http://www.freebsd.org/cgi/getmsg.cgi?fetch=9801+0+/usr/local/www/db/text/2006/cvs-all/20061008.cvs-all
http://www.freebsd.org/cgi/getmsg.cgi?fetch=329946+0+/usr/local/www/db/text/2006/cvs-all/20061008.cvs-all

No action needed.

Note: This notification could include technical inaccuracies or typographical errors. Changes can be made to the information herein; these changes will be distributed in new notifications. AlpineWeb might make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time.

<< Previous: Server Software Update Notification: 10-02-2006

| Archive Index |

Next: Server Software Update Notification: 11-3-2006 >>

(archive rss , atom )

AlpineWeb VPS Hosting Announcements

Subscribe to AlpineWeb VPS Hosting:

Powered by Dada Mail 2.10.15
Copyright © 1999-2007, Simoni Creative.