Date: November 3rd 2006
The following updates were completed 11/01/2006 on all servers:
FreeBSD VPS v3:
* OpenSSL
The OpenSSL toolkit for SSL/TLS for version 0.9.7e-p1 will be updated to addresses denial of service and buffer overflow security issues CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, and CVE-2006-4343, discussed here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
http://www.openssl.org/news/secadv_20060928.txt
More information about this security update can be found here:
http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc
No action needed.
* OpenSSH
The portable OpenSSH connectivity tool will be updated to version 4.4p1,1. This version addresses denial of service security issues, CVE-2006-4924 and CVE-2006-5051, discussed here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051
More information about version 4.4p1,1 can be found here:
http://www.freebsd.org/cgi/getmsg.cgi?fetch=9801+0+/usr/local/www/db/text/2006/cvs-all/20061008.cvs-all
http://www.freebsd.org/cgi/getmsg.cgi?fetch=329946+0+/usr/local/www/db/text/2006/cvs-all/20061008.cvs-all
No action needed.
* SpamAssassin
The vinstall for the SpamAssassin mail filter will be updated to install version 3.1.5_1. This version addresses issues with sa-learn. More information about version 3.1.5_1 can be found here:
http:
No action needed.
* ProFTPD
The ProFTPD GPL-licensed FTP server will be updated to version 1.3.0. This version addresses issues with Mac OS X, mod_ldap, SSL sessions, and several other issues. More information about version 1.3.0 can be found here:
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0
No action needed.
* ShopSite
The ShopSite shopping cart installation available with newly ordered servers will be updated to version 8.1.3.1. It will also be updated to address problems with certain Web server configurations. The new version addresses issues with Google Checkout, ShopSite OrderAnywhere, eCheck, and other bug fixes. More information about version 8.1.3.1 can be found here:
http://support.shopsite.com/kbase/view_answer.php?questionID=S5518
This version update only affects newly ordered server products. No action needed.
* Quota
The system files will be updated to address issues with subuser quotas. No action needed.
* ImageMagick
The ImageMagick image processing tools library will be updated to version 6.2.9.8. This version brings the utility to the most current FreeBSD version. More information about version 6.2.9.8 can be found here:
http:
No action needed.
* Samba
The vuninstall for the Samba SMB/CIFS software suite for file and print services will be updated to address problems with the vuninstall script. This update affects the vuninstall only. No action needed.
* GPG
GPG (GNU Privacy Guard or GnuPG) will be updated to version 1.4.5_1. This version brings the utility to the most current FreeBSD version and addresses cURL dependency issues. More information about the changes in version 1.4.5_1 can be found here:
http://www.freebsd.org/cgi/getmsg.cgi?fetch=1553872+0+/usr/local/www/db/text/2006/cvs-all/20061008.cvs-all
No action needed.
* LCMS
The Little Color Management System (LittleCms or LCMS) color management engine will be updated to version 1.15_1,1. This version brings the utility to the most current FreeBSD version and adds features to allow future supplementary utilities. More information about version 1.15_1,1 can be found here:
http:
No action needed.
* Ruby
The Ruby object-oriented scripting language will be updated to version 1.8.5_3,1. This version brings the language to the most current FreeBSD version and addresses issues with pkg-plist. More information about version 1.8.5_3,1 can be found here:
http:
No action needed.
* Libunrar
Libunrar, part of RAR: Roshal Archive data compression software, will be updated to version 3.6.8,1. This version brings the utility to the most current FreeBSD version and addresses issues with versioning and USE_LDCONFIG. More information about version 3.6.8,1 can be found here:
http://www.freebsd.org/cgi/getmsg.cgi?fetch=1695937+0+/usr/local/www/db/text/2006/cvs-all/20061001.cvs-all
No action needed.
* FreeType 2
The FreeType 2 portable TrueType font engine will be updated to version 2.2.1_1. This version brings the utility to the most current FreeBSD version and upgrades GNOME support. More information about version 2.2.1_1 can be found at these pages:
http:
http:
No action needed.
* Fontconfig
The fontconfig library for font customization and configuration will be updated to version 2.3.2_6,1. This version brings the utility to the most current FreeBSD version and upgrades GNOME support. More information about version 2.3.2_6,1 can be found at these pages:
http:
http:
No action needed.
* PathTools
The PathTools file specifications module will be updated to version 3.21. This version brings the utility to the most current FreeBSD version. More information about version 3.21 can be found here:
http:
No action needed.
* Python
The version number for the information for python-2.4 in the interactive vinstall mode will be corrected. This update affects the vinstall itself only. No action needed.
* Portupgrade
The Index-6.db file used by the Portupgrade FreeBSD ports/packages administration and management tool suite will be updated to reflect current packages and dependencies.
No action needed.
* Lynx
The Lynx command-line textual Web browser will be update to version 2.8.6p5. This version brings the utility to the most current FreeBSD version and addresses issues with missing files. More information about version 2.8.6p5 can be found at these pages:
http:
http:
No action needed.
* mutt next generation
The mutt next generation command-line email client will be updated to version 20060915. This version brings the utility to the most current FreeBSD version. More information about version 20060915 can be found here:
http:
No action needed.
*XML::LibXML
The XML::LibXML Perl module will be updated to version 1.61003_1. This version brings the module to the most current FreeBSD version and addresses issues with plist and XML::LibXML::XPathContext. More information about version 1.61003_1 can be found at these pages:
http://search.cpan.org/src/PAJAS/XML-LibXML-1.61003/Changes
No action needed.
* Net::DNS
The Net::DNS collection of DNS Perl modules will be updated to version 0.59. This version brings the modules to the most current FreeBSD version and addresses IPv6, NSEC support, and several other issues. More information about version 0.59 can be found here:
http://search.cpan.org/src/OLAF/Net-DNS-0.59/Changes
No action needed.
FreeBSD VPS v2:
* SpamAssassin
The vinstall for the SpamAssassin mail filter will be updated to install version 3.1.5. This version upgrade addresses several bug and documentation issues. More information about version 3.1.5 can be found here:
http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.5-available%21-p6061264.html
To update existing SpamAssassin installations and keep the current program configuration, connect to your server through SSH and execute the following command from the prompt:
# vinstall spamassassin
Answer "yes" (the default) when prompted with the question "Would you like to overwrite/upgrade your existing installation? [yes]:" Answer "no" (the default) when asked "Would you like to setup Spam Assassin 3.1.5 to process *all* email received by this server now? [no]:" Finally, answer "no" (the default) when asked "Would you like to setup Spam Assassin 3.1.5 to process email for a particular user now? [no]:"
* Sendmail RBL
The vinstall for the Sendmail RBL (real-time blackhole list) subscription utility will be updated to add new lists and remove deprecated lists. The available lists will include the following:
sbl-xbl.spamhaus.org -> Spamhaus block list. SBL and XBL (Recommended)
sbl.spamhaus.org -> Spamhaus block list (SBL)
xbl.spamhaus.org -> Spamhaus block list (XBL)
list.dsbl.org -> Distributed Server Boycott List (DSBL)
multihop.dsbl.org -> Distributed Server Boycott List (DSBL)
relays.ordb.org -> Open Relay Database (ORDB)
dnsbl.ahbl.org -> List against abusers and spammers (AHBL)
dnsbl.njabl.org -> Not Just Another Bogus List (NJABL)
unconfirmed.dsbl.org -> Distributed Server Boycott List (DSBL)
whois.rfc-ignorant.org -> RFC Ignorant (Whois)
dnsbl.sorbs.net -> Spam and Open Relay Blocking System (SORBS)
No action needed.
*WordPress
The vinstall of WordPress will be updated to install version 2.0.4. The vinstall will also be updated to provide additional command-line options when installing WordPress. To obtain a full list of these options, connect to your server through SSH and execute the following from the command prompt:
# vinstall wordpress --help
An example of these new options is you can specify to install a language pack for WordPress during the vinstall. For example, the following installs the Japanese language pack:
# vinstall wordpress --lang=’ja’
Version 2.0.4 addresses several security and bug issues. More information about version 2.0.4 can be found here:
http://wordpress.org/development/2006/07/wordpress-204/
If you wish to upgrade your existing WordPress installation, make a backup of your current configuration and database. Then uninstall WordPress before running the following from an SSH command prompt (with or without command-line options):
# vinstall wordpress
Ignore warnings you receive regarding your existing MySQL database. After the vinstall completes, visit http://YOURDOMAIN/WORDPRESS/upgrade.php to complete the upgrade. Replace YOURDOMAIN and WORDPRESS with the domain and directory, respectively, in which WordPress is installed. Then replace your customizations and database from your backup.
* vroot
The vroot administration utility will be updated to include an option for “emergency” mode. This mode could be used if the administrative user inadvertently modifies their environment or login scripts in a way that prevents a valid login for the administrative user. This mode does not read the environment variables or any of the “.” files, such as .login, for the administrative user upon login. Type “e” at the vroot prompt to enter emergency mode. No action needed.
* ShopSite
The ShopSite shopping cart installation available with newly ordered servers will be updated to version 8.1.3.1. It will also be updated to address problems with certain Web server configurations. The new version addresses issues with Google Checkout, ShopSite OrderAnywhere, eCheck, and other bug fixes. More information about version 8.1.3.1 can be found here:
http://support.shopsite.com/kbase/view_answer.php?questionID=S5518
This version update only affects newly ordered server products. No action needed.
* PerlMagick
The PerlMagick Perl API module for ImageMagick will be added to the system Perl version 5.6.1. PerlMagick is an object-oriented Perl interface to ImageMagick which allows you to read, manipulate, or write an image or image sequence from within a Perl script. More information about PerlMagick can be found here:
http://www.imagemagick.org/script/perl-magick.php
No action needed.
* Portupgrade
The index.db file used by the Portupgrade FreeBSD ports/packages administration and management tool suite will be updated to address package corruption issues and to reflect current packages and dependencies. No action needed.
* pkg-config
The pkg-config installed libraries utility will be updated to version 0.21. This version brings the utility to the most current FreeBSD version. More information about version 0.21 can be found here:
http://www.freebsd.org/cgi/getmsg.cgi?fetch=583374+0+/usr/local/www/db/text/2006/cvs-all/20060917.cvs-all
No action needed.
* Xterm
The xterm terminal emulator will be updated to version 220. This version addresses issues with tek4014 mode. More information about version 220 can be found here:
http://dickey.his.com/xterm/xterm.log.html#xterm_220
No action needed.
* lftp
The lftp file transfer program will be updated to version 3.5.4_1. This version addresses several issues including issues with SSL keys, compilation, and du. More information about version 3.5.4_1 can be found here:
http://lftp.yar.ru/news.html
No action needed.
* Majordomo and MajorCool
The vinstalls for the Majordomo email list utility and the MajorCool web interface for Majordomo will be updated to include improved descriptions. This update affects the vinstall itself only. No action needed.
* Zsh
The zsh Unix command interpreter (shell) will be updated to version 4.3.2_1. This version addresses issues with the acroread. More information about version 4.3.2_1 can be found here:
http://www.freebsd.org/cgi/getmsg.cgi?fetch=1373221+0+/usr/local/www/db/text/2006/cvs-all/20060924.cvs-all
No action needed.
* Mhash
The mhash library for hash algorithms will be updated to version 0.9.7.1. This version addresses several issues including issues with Perl dependencies and PORTDOCS. More information about version 0.9.7.1 can be found here:
http://www.freebsd.org/cgi/getmsg.cgi?fetch=1491877+0+/usr/local/www/db/text/2006/cvs-all/20060924.cvs-all
No action needed.
* cURL
The cURL file transfer utility will be updated to version 7.15.5. This version adds new features and addresses several issues including issues with Curl_strerror, splay-tree, and the cookie parser. More information about version 7.15.5 can be found here:
http://curl.haxx.se/changes.html
No action needed.
FreeBSD VPS v1:
* ShopSite
The ShopSite shopping cart installation script will be updated to address problems with certain Web server configurations. This update only affects newly ordered server products. No action needed.
Signature:
* PHP
The PHP: Hypertext Preprocessor scripting language will be updated to version 4.4.4. This version brings the software to the most current 4.x version and addresses several issues, some dealing with security and vulnerabilities, including:
- Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions.
- Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems.
- Fixed possible open_basedir/safe_mode bypass in cURL extension.
- Fixed overflow in GD extension on invalid GIF images.
- Fixed a buffer overflow inside sscanf() function.
- Fixed memory_limit restriction on 64 bit system.
More information about changes in version 4.4.4 can be found at these pages:
http://www.php.net/release_4_4_4.php
http://www.php.net/ChangeLog-4.php#4.4.4
No action needed.
* LibXML2 and LibXSLT
The LibXML2 and LibXSLT C parser libraries for XML will be updated to versions 2.6.26 and 1.1.17, respectively. These new versions bring the libraries to the most current FreeBSD version and address issues with portability, encoding buffers, and Xpath optimizations. More information about LibXML2 version 2.6.26 can be found here:
http://xmlsoft.org/news.html
More information about LibXSLT version 1.1.17 can be found here:
http://xmlsoft.org/XSLT/news.html
No action needed.
* Libtool and libltdl
The GNU Libtool generic library support script and its associated libltdl wrapper library will be updated to versions 1.5.22_2 and 1.5.22, respectively. These versions bring the utility to the most current FreeBSD version and address USE_REINPLACE issues. More information about Libtool version 1.5.22_2 can be found at these pages:
http:
http:
No action needed.
* XML::LibXML and XML::LibXSLT
The XML::LibXML and XML::LibXSLT Perl modules will be updated to version 1.60. This version addresses a memory leak in transform_file. More information about version 1.60 can be found at these pages:
http://search.cpan.org/src/PAJAS/XML-LibXML-1.60/Changes
http://search.cpan.org/src/PAJAS/XML-LibXSLT-1.60/Changes
No action needed.
* Gallery
The optional Gallery Website Component add-on will be updated to automatically select the Gallery language based the user’s browser locale.
No action needed.
* Control Panel
The Control Panel will be updated to correctly address empty submit fields and updating multiple Website Component add-on passwords at the same time.
No action needed.
Note: This notification could include technical inaccuracies or typographical errors. Changes can be made to the information herein; these changes will be distributed in new notifications. AlpineWeb might make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time.
|
<< Previous: Server Software Update Notification: 11-3-2006 |
| Archive Index | |
Next: Enabling Better Spam Filtering >> |
)
AlpineWeb VPS Hosting Announcements
Subscribe to AlpineWeb VPS Hosting:
Powered by Dada Mail 2.10.15
Copyright © 1999-2007, Simoni Creative.