Important: This notice contains information for the group of server updates (or dist) occurring September 13, 2010 through September 15, 2010 in all datacenters. Until that time, all of the information included in this document is subject to change.
This document provides information about the dist for all VPS and MPS products, including the following products and platforms:
- Linux VPS and MPS (Linux VPS/MPS or Linux)
- FreeBSD VPS and MPS version three (VPS/MPS v3 or v3)
- FreeBSD VPS and MPS version two (VPS/MPS v2 or v2)
Most updates include the name of the software or service being updated, the new version (if applicable), the reasons for the update, and a Changelog or Readme of the changes (if available).
Action Needed
Most VPS and MPS updates do not require action by customers to receive the full benefits of the update. Some updates may require action by customers to receive all benefits of the update, but usually this action is optional, such as updating to the latest version of software. Updates for each platform in this document are grouped together according to any (optional) action needed or no action needed, with those updates possibly requiring action listed first.
Important updates in this Notification:
The following updates affect popular or important services and programs:
- ClamAV (Linux and v3)
- MySQL-5.1.47 (Linux and v3)
- Dovecot with Maildir fix (Linux and v2)
- Proftpd-1.3.3 (Linux)
Linux MPS/VPS
The following updates will be made to the Linux MPS/VPS platform.
Important services to be restarted:
The following services will be restarted by Verio as part of the update:
Possible Action Needed
The following Linux MPS/VPS updates may require additional attention or action to take advantage of the full benefits of the update. Any possible actions are listed at the end of the individual update information.
- Mysql-5.1.47
- The vinstall for Mysql 5 will be upgraded to version 5.1.47 to address the security vulnerability discussed here:
http://www.doecirc.energy.gov/bulletins/t-373.shtml
To upgrade existing installations of Mysql 5.1, connect to your server through SSH and execute the following from the command prompt:
# vinstall mysql5.1 - Squirrelmail-1.4.19
- Squirrelmail will be upgraded to version 1.4.19
To upgrade existing installations of Squirrelmail, connect to your server through SSH and execute the following from the command prompt:
# vinstall squirrelmail
No Action Needed
No Action Required
The following Linux MPS/VPS updates do not require action by customers to take advantage of the full benefits of the update. Some services may be rebooted as part of the update.
- ClamAV-0.96.1
- ClamAV will be upgraded to version 0.96.1. In addition, the clamav db in /skel will be updated so freshclam doesn't take so long on a new install.
The clamav vuninstall will be updated so that the clamd process will be disabled from starting up on restart of the server. - Dovecot with Maildir fix
- A problem was occurring with accounts using Dovecot with Maildir. When a user’s quota was reached, mail would stop delivering to the Maildir (/home/USERID/Maildir) directory and start delivering to the mbox (/var/mail/USERID) file.
Accounts using Dovecot with Maildir and that do not already have the ORGMAIL line in their global procmailrc file will have their procmail rules updated to include the ORGMAIL line to address the problem as shown here:
############DOVECOT-START############
DROPPRIVS=yes
DEFAULT=$HOME/Maildir/
MAILDIR=$HOME/Maildir/
ORGMAIL=$HOME/Maildir/
############DOVECOT-END############
- Dovecot vinstall
- The Dovecot vinstall has been updated to fix the version strings in the vinstall script to match what the version that is actually being installed.
- proftpd-1.3.3
- ProFTPd will be upgraded to version 1.3.3.
- proftpd.conf
- The configuration file for ProFTPD will be updated to change the AllowForeignAddress setting to "Off". This setting should be off by default.
In addition, a problem was occurring with some FTP clients connecting with SSL. To address this problem, the TLSEngine and TLSUseSSCert directives will be moved inside an <IfModule mod_tls.c> block and a disabled TLSOptions of NoSessionReuseRequired will be added with an explanation as shown here:
TLSEngine On
TLSUseSSCert On
# TLSLog /var/log/proftp-tls-log
#
# mod_tls only accepts SSL/TLS data connections that reuse the SSL session
# of the control connection, as a security measure. There are some clients
# (e.g. curl) which do not reuse SSL sessions. Uncomment the following line
# to relax the requirement.
#
# TLSOptions NoSessionReuseRequired
- autoreply
- A problem was occurring with autoreply when the FROM: line would span multiple lines causing autoreply to not be able to parse the FROM: line and send a return message. Autoreply will be updated to address this problem.
- sudo
- The current list of sudo commands will be updated to include the vinstall and vuninstall commands.
- expose_php
- The expose_php line in the php.ini file will be set to “Off” by default. This change is for PCI.
- Rails-2.3.8
- The Rails vinstall will be upgraded to version 2.3.8.
- vquota
- vquota will be updated to address a problem where user soft quotas were allowed to exceed user hard quotas.
- vrmuser
- vrmuser will be updated to only check directives in the Apache configuration (httpd.conf) file where usernames are expected.
- vedituser --password
- vedituser will be updated so that the --password flag will properly set the user password.
- traceroute
- traceroute will be updated to correct a couple of bugs addressed here:
http://rhn.redhat.com/errata/RHBA-2008-0883.html
FreeBSD MPS/VPS v3
The following updates will be made to the FreeBSD VPS/MPS v3 platform.
Important services to be restarted:
The following services will be restarted by Verio as part of the update:
Possible Action Needed
The following VPS/MPS v3 updates may require additional attention or action to take advantage of the full benefits of the update. Any possible actions are listed at the end of the individual update information.
- Mysql-5.1.47
- The vinstall for Mysql 5 will be upgraded to version 5.1.47 to address the security vulnerability discussed here:
http://www.doecirc.energy.gov/bulletins/t-373.shtml
To upgrade existing installations of Mysql 5.1, connect to your server through SSH and execute the following from the command prompt:
# vinstall mysql5.1 - Postgresql-8.2.13
- The vinstall for Postgresql8 will be upgraded to version 8.2.13.
To upgrade existing installations of Postgresql8, connect to your server through SSH and execute the following from the command prompt:
# vinstall postgresql8 - Squirrelmail-1.4.19
- Squirrelmail will be upgraded to version 1.4.19.
To upgrade existing installations of Squirrelmail, connect to your server through SSH and execute the following from the command prompt:
# vinstall squirrelmail - Wordpress-2.8.4
- Wordpress will be upgraded to version 2.8.4.
To upgrade existing installations of Wordpress, connect to your server through SSH and execute the following from the command prompt:
# vinstall wordpress - Webalizer-2.21.2
- Webalizer will be upgraded to version 2.21.2.
No Action Needed
No Action Required
The following VPS/MPS v3 updates do not require action by customers to take advantage of the full benefits of the update. Some services may be rebooted as part of the update.
- ClamAV-0.96.1
- ClamAV will be upgraded to version 0.96.1. In addition, the clamav db in /skel will be updated so freshclam takes less time to complete on a new install.
The clamav vuninstall will be updated so that the clamd process will be disabled from starting up on restart of the server. - proftpd.conf
- A problem was occurring with some FTP clients connecting with SSL. To address this problem, the TLSEngine and TLSUseSSCert directives will be moved inside an <IfModule mod_tls.c> block and a disabled TLSOptions of NoSessionReuseRequired will be added with an explanation as shown here:
TLSEngine On
TLSUseSSCert On
# TLSLog /var/log/proftp-tls-log
#
# mod_tls only accepts SSL/TLS data connections that reuse the SSL session
# of the control connection, as a security measure. There are some clients
# (e.g. curl) which do not reuse SSL sessions. Uncomment the following line
# to relax the requirement.
#
# TLSOptions NoSessionReuseRequired
- autoreply
- A problem was occurring with autoreply when the FROM: line would span multiple lines causing autoreply to not be able to parse the FROM: line and send a return message. Autoreply will be updated to address this problem.
- Sudo-1.7.2.7
- sudo will be upgraded to version 1.7.2.7 to address the security vulnerabilies CVE-2010-1163 and CVE-2010-1646 discussed here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1163
http://portaudit.freebsd.org/d42e5b66-6ea0-11df-9c8d-00e0815b8da8.html
In addition, the current list of sudo commands will be updated to include the vinstall and vuninstall commands. - expose_php
- The expose_php line in the php.ini file will be set to “Off” by default. This change is for PCI.
- vaddhost
- Currently only the non-SSL is setup when vaddhost is run with --defaults. vaddhost --default will be updated to add both SSL and non-SSL entries.
- vquota
- vquota will be updated to address a problem where user soft quotas were allowed to exceed user hard quotas. In addition, non-root filesystems will be filtered out of the vquota output.
- vnukelog
- vnukelog will be updated to assume the “-a” option when run in a batch (e.g. cron).
- Ruby-1.8.7.160_4,1
- Ruby will be upgraded to 1.8.7.160.
- ruby18-eruby-1.0.5_2
- eRuby will be upgraded to version 1.0.5_2.
- mod_ruby-1.3.0_1
- The mod_ruby Apache module will be updated to version 1.3.0_1.
- Python-2.5.5
- The Python-2.5 vinstall will be upgraded to version 2.5.5 to address CVE_2009_3560 & CVE-2009-3720.
- Python-2.4.5_5.tbz
- The Python-2.4 vinstall will be upgraded to version 2.4.5_5.
- Metamail vinstall
- A problem was occurring with the Metamail vinstall where the vinstall would fail because of a missing dependency. The dependency will be removed from the Metamail vinstall to address this problem.
- Samba-3.0.37,1
- A problem was occurring with the Samba3 vinstall where the vinstall would fail because of a missing dependency. The Samba3 vinstall will be upgraded to version 3.0.37 to address this problem.
- quota command
- The quota command will be updated to only show virtual quotas for "/".
- Urchin3 vinstall
- Urchin3 licenses are no longer available. The Urchin3 vinstall "vinstall urchin" will be removed.
- ja-nkf-2.0.9,1
- nkf will be upgraded to version 2.0.9.
- mutt-devel-lite-1.5.20_1
- mutt-ng has been deprecated and will be removed and replaced with mutt-devel using the lite package.
- arcconf-v6.10.18359
- arcconf will be upgraded to version 6.10.18359.
- Portupgrade-2.4.6_3,2
- Portupgrade will be upgraded to version 2.4.6.
- lcms-1.18a_1,1
- lcms will be upgraded to version 1.18a
- m4-1.4.13,1
- m4 will be upgraded to version 1.4.13.
- Readline-6.0_1
- Readline will be upgraded to version 6.0.
- unrar-3.90.b4,5
- unrar will be upgraded to version 3.90.b4.
- Popt-1.14
- Popt will be upgraded to version 1.14.
- Bash-4.0.24
- Bash will be upgraded to version 4.0.24.
- PNG-1.2.37
- PNG will be upgraded to version 1.2.37.
- Libksba-1.0.7
- Libksba will be upgraded to version 1.07.
- GnuTLS-2.8.3
- GnuTLS will be upgraded to version 2.8.3 to address the security vulnerabilities CVE-2009-1415, CVE-2009-1416, CVE-2009-1417, and CVE-2009-2730 discussed here:
http://www.gnu.org/software/gnutls/security.html - pinentry-curses-0.7.6
- pinentry-curses will be upgraded to version 0.7.6.
- Libunrar-3.9.5,1
- Libunrar will be upgraded to version 3.9.5.
- Vim-Lite-7.2.239
- Vim-Lite will be upgraded to version 7.2.239.
- Cyrus-sasl-2.1.23
- Cyrus-sasl will be upgraded to version 2.1.23.
- Cyrus-sasl-saslauthd-2.1.23
- Cyrus-sasl-saslauthd will be upgraded to version 2.1.23.
- Mime-Support-3.46.1
- Mime-Support will be upgraded to version 3.46.1.
- Sendmail-rbls
- The sendmail-rbls vinstall will be updated to include PBL and Zen to the RBL subscription list.
- gtar-1.23
- gtar will be upgraded to version 1.23 to address the security vulnerability CVE-2010-0624 discussed here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0624 - xz-4.999.9_1
- xz (previously called LZMA Utils) will be upgraded to version 4.999.9_1.
- gmp-5.0.1
- GMP will be upgraded to version 5.0.1.
- tiff-3.9.4
- tiff will be upgraded to version 3.9.4 to address the security vulnerabilities CVE-2009-2347 and CVE-2010-1411 discussed here:
CVE-2009-2347 - http://portaudit.freebsd.org/8816bf3a-7929-11df-bcce-0018f3e2eb82.html
CVE-2010-1411 - http://portaudit.freebsd.org/313da7dc-763b-11df-bcce-0018f3e2eb82.html - wtmp
- A problem was occurring where sshd connections were not being recorded to the /var/log/wtmp file. The wtmp file will now log sshd connections to correct the problem.
- gcc-4.2.5.20090325_2
- The gcc-4.2 package required by the clamav-0.96.x series
- mpfr-2.4.2
- another package that goes with gcc-4.2.xx
FreeBSD MPS/VPS v2
The following updates will be made to the FreeBSD VPS/MPS v2 platform.
Important services to be restarted:
The following services will be restarted by Verio as part of the update:
Possible Action Needed
The following VPS/MPS v2 updates may require additional attention or action to take advantage of the full benefits of the update. Any possible actions are listed at the end of the individual update information.
- Squirrelmail-1.4.19
- Squirrelmail will be upgraded to version 1.4.19.
To upgrade existing installations of Squirrelmail, connect to your server through SSH and execute the following from the command prompt:
# vinstall squirrelmail
No Action Needed
No Action Required
The following VPS/MPS v2 updates do not require action by customers to take advantage of the full benefits of the update. Some services may be rebooted as part of the update.
- Dovecot with Maildir fix
- A problem was occurring with accounts using Dovecot with Maildir. When a user’s quota was reached, mail would stop delivering to the Maildir (/home/USERID/Maildir) directory and start delivering to the mbox (/var/mail/USERID) file.
Accounts using Dovecot with Maildir and that do not already have the ORGMAIL line in their global procmailrc file will have their procmail rules updated to include the ORGMAIL line to address the problem as shown here:
############DOVECOT-START############
DROPPRIVS=yes
DEFAULT=$HOME/Maildir/
MAILDIR=$HOME/Maildir/
ORGMAIL=$HOME/Maildir/
############DOVECOT-END############ - ClamAV db
- The clamav db in /skel will be updated so freshclam takes less time to complete on a new install.
- autoreply
- A problem was occurring with autoreply when the FROM: line would span multiple lines causing autoreply to not be able to parse the FROM: line and send a return message. Autoreply will be updated to address this problem.
- expose_php
- The expose_php line in the php.ini file will be set to "Off" by default.
- vnukelog
- vnukelog will be updated to assume the "-a" option when run in a batch (e.g. cron).
- vrmuser
- vrmuser will be updated to only check directives in the Apache configuration (httpd.conf) file where usernames are expected.
- eRuby vinstall
- A problem was occurring with the eRuby vinstall where the vinstall would fail because of a missing dependency. The dependency will be removed from the eRuby vinstall to correct this problem.
- Spamassassin
- The Spamassassin vinstall will be updated to include an entry in the crontab file (/etc/crontab) to run sa-update once a day. In addition, existing installs that do not already have sa-update in their crontab file will also receive the update.
- CPX Blacklist/Whitelist
- A problem was occurring where Spamassassin was not restarting when new entries were added to either the Blacklist or Whitelist through CPX. New entries are not recognized until Spamassassin is restarted. Spamassassin will now restart after a new entry is added to correct the problem.
- Urchin3 vinstall
- Urchin3 licenses are no longer available. The Urchin3 vinstall "vinstall urchin" will be removed.
- aspell-0.60.6_2
- aspell will be upgraded to version 0.60.6_2 and now come preinstalled on the server with the en, cs, cy, da, el, es, it, nl, and sy dictionaries. In addition, the vinstall will be removed as it is no longer needed.
Note: This notification reflects the best knowledge of code and feature updates for this release. Changes can be made to the information herein; these changes will be distributed in new notifications. AlpineWeb might make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time.