Blog

Login Register

alt-php updated


PHP had been updated to newer versions in production channels.
Changelog:

To update:
$ yum groupupdate alt-php

KernelCare - RHEL 5 & CentOS 5 support added

Support for RHEL 5 & CentOS 5 kernels had been released. For now we support only x86_64 kernels. Xen kernels will be added soon.
List of supported kernels can be found here: http://patches.kernelcare.com/
Installation instructions: http://www.kernelcare.com/try_it/install.php
You can signup for KernelCare notifications for your kernel here: http://kernelcare.com/mailing-lists.php

KernelCare update for local privilege escalation CVE-2014-4699

CentOS 6, RHEL 6, CL 6 & OpenVZ can now be patched against CVE-2014-4699. The patched kernels are yet to be available from the vendors. Yet, due to the nature of the issue, we wanted to release the patch as soon as possible

CVEs: CVE-2014-4699

Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.

You can manually update the server by running:
# /usr/bin/kcarectl --update

Details:
  • CVE-2014-4699 ptrace privilege escalation, Enforce RIP <= TASK_SIZE_MAX
    Denial of service attacks as well as local priveledge escalation are possible in some cases on x86_64 systems due to missing validation of the RIP value

Beta: MySQL Governor


New MySQL Governor beta is available from our beta repositories.

Changelog:
  • fixed errors and optimized DirectAdmin script for generating dbuser-map
  • fixed header for dbctl list (Mb/s changed to MB/s)
  • abuser mode set as default
  • fixed error on installation of MySQL 5.6 for cPanel 11.44
  • Switched MySQL installation from production repo
To install:
http://docs.cloudlinux.com/index.html?installation3.html

To update:
$ yum update governor-mysql --enablerepo=cloudlinux-updates-testing
$ /usr/share/lve/dbgovernor/mysqlgovernor.py --install

Beta: alt-php update


PHP had been updated to newer versions in our beta repository.
Changelog:

To update:
$ yum groupupdate alt-php --enablerepo=cloudlinux-updates-testing

KernelCare for CentOS/RHEL 5 - beta

Test version of KernelCare for RHEL/CentOS 5 had been released.
You can see list of supported kernels here:
http://patches.kernelcare.com/test/

To install test version, please execute:
rpm -i http://patches.kernelcare.com/kernelcare-test.x86_64.rpm

Followed by:
kcarectl --update --test

We plan to release KernelCare to production within the next 3 days.

KernelCare - CVE-2014-3519 critical Virtuozzo/OpenVZ/PCS vulnerability patched

Critical vulnerability in Virtuozzo/OpenVZ/PCS disclosed today had been patched.


Systems wtih AUTO_UPDATE=yes (DEFAULT) in /etc/kcare/kcare.conf will automatically update, and no action is needed for them.

You can manually update the server by running:
# /usr/bin/kcarectl --update

Details:

  • CVE-2014-3519
    Fixed a critical vulnerability in the legacy simfs container filesystem (ploop is not affected) (CVE-2014-3519, PSBM-27641)

KernelCare - Updates for CL6, Virtuozzo, OpenVZ & PCS

Security patches were backported from latest RHEL kernel for CloudLinux, Virtuozzo, OpenVZ & PCS

More info could be found at:
CloudLinux patches: https://groups.google.com/forum/#!topic/kernelcare-cl6/0vn9P7V5y4A
OpenVZ/Virtuozzo/PCS: https://groups.google.com/forum/#!topic/kernelcare-vz/j87tIz0hlxA

CL6/Hybrid kernel: 2.6.32-531.17.1.lve1.2.58



Minor update to fix a bug in futexes introduced in previous version of upstream kernel.


Changelog:

To update CL6 servers:
$ yum install kernel-2.6.32-531.17.1.lve1.2.58.el6 lve-kmod-1.2-62.el6

To update Hybrid servers:
$ yum install kernel-2.6.32-531.17.1.lve1.2.58.el5h lve-kmod-1.2-62.el5h

followed by reboot.

For KernelCare.com users updates had been already applied without the need for reboot.

KernelCare - Updates for CentOS 6 & RHEL6

New updates are available for CentOS and RHEL 6. You can find more info about the update here:
https://groups.google.com/forum/#!topic/kernelcare-centos6/9PgxNo_bl2Q

We have created mailing lists/google groups to which you can signup to receive updates related to your KernelCare subscription. You can signup for the updates here: http://kernelcare.com/mailing-lists.php

Beta: alt-php update

PHP 5.6.0 beta 4 is available as part of new alt-php beta update.

Changelog:
  • PHP 5.6.0 beta 4 update (changelog)
  • better Percona Server support from alt-php
  • alt-php-magickwand bugfix
To update:
$ yum groupupdate alt-php --enablerepo=cloudlinux-updates-testing

KernelCare: CloudLinux and VZ kernel updates, older VZ kernels support

CloudLinux 2.6.32-531.17.1.lve1.2.57el6 kernel can now be patched with KernelCare to fix
futex functionallity deficiency introduced in upstream 2.6.32-042stab090.3 kernel and fixed in 042stab090.4 kernel. Older CloudLinux kernels are not affected. New CloudLinux kernel will be out in day or two.

Virtuozzo/PCS/OpenVZ kernel 2.6.32-042stab090.3 can now be patched with KernelCare to fix futex functionallity deficiency introduced in upstream 2.6.32-042stab090.3 kernel and fixed in 042stab090.4 kernel.

Older Virtuozzo/PCS/OpenVZ kernels 042stab076.7 to 042stab079.6 are now supported: http://patches.kernelcare.com/

beta: lve-utils 1.4-18.3

New minor beta update for lve-utils to remove few bugs prior to production release.

Changelog:
  • LU-94: Missing exception type
  • added conflict with lvemanager < 0.8-1.32
To update:

$ yum update lve-utils --enablerepo=cloudlinux-updates-testing

KernelCare: Stability updates for OpenVZ & Virtuozzo Kernels

Two bugfixes were released to KernelCare providers. We will continue pushing important stability improvements using KernelCare, and not limit the patches to security fixes only.

Following issues had been addressed:
  • ms ext4: fix online resize with a non-standard blocks per group setting (from vzkernel-2.6.32-042stab088.4)
  • fix for netconsole over bonding (from vzkernel-2.6.32-042stab090.2)
List of patches for particular kernel is available from: http://patches.kernelcare.com
More info at http://www.kernelcare.com

Beta: lve-utils 1.4-18.1

New beta version of LVE utils fixes calculation of speed parameter when converting from old method, that used NCPU & CPU options.
We hope it will be last beta, before production release.

To update:
$ yum update lve-utils --enablerepo=cloudlinux-updates-testing

Fix for CVE-2014-3153 vulnerability: new kernels 2.6.32-531.17.1.lve1.2.57 for CL6 & Hybrid

New CL6 and hybrid kernels 2.6.32-531.17.1.lve1.2.57 fixes local vulnerability CVE-2014-3153.
We will provide more details on the exploit itself, once it is publish to general public by MITRE CVE Dictionary

CL5 kernels are not vulnerable.

To update CL6 servers:
$ yum install kernel-2.6.32-531.17.1.lve1.2.57.el6 kmod-lve-1.2-61.el6

To update hybrid servers:
$ yum install kernel-2.6.32-531.17.1.lve1.2.57.el5h kmod-lve-1.2-61.el5h

Followed by reboot.

KernelCare customers should be secured already by a patch released about 14 hours ago.

KernelCare - CVE-2014-3153 - another vulnerability patched

Patches for CVE-2014-3153 is available for CentOS, RHEL, CloudLinux & OpenVZ kernels. There is no exploit code available today from what we know, but it is possible that it will appear in the public any day now, and might be already sold on relavent forums.
We will provide more details on the exploit itself, once it is publish to general public by MITRE CVE Dictionary

There is no kernels yet for CentOS, RHEL & CloudLinux that fix this vulnerability. OpenVZ released updated kernel yesterday night. We plan to release updated kernel on Monday.

KernelCare customers can enjoy the safety right now.

Alt-php update

Updates for alt-php are moved to our production channels

Changelog:
To update:
$ yum groupupdate alt-php

CL6/Hybrid kernel 2.6.32-531.17.1.lve1.2.56 moved to production

New kernel has been moved to production

Changelog:
To update CL6 servers:
$ yum install kernel-2.6.32-531.17.1.lve1.2.56.el6 kmod-lve-1.2-60.el6

To update hybrid servers:

$ yum install kernel-2.6.32-531.17.1.lve1.2.56.el5h kmod-lve-1.2-60.el5h

KernelCare had already delivered security updates available int this kernel, but new patch were issued to match effective kernel version.

KernelCare RPM bugfix

New version of kernelcare RPM had been released. Old version had a bug in a way it run depmod on kcare module, that could cause network module not to boot on reboot. To solve the issue:

$ yum clean all
$ yum update kernelcare

The issue affected only kernelcare-0.9-1 version of RPM. kernelcare-0.9-2 fixes the issue.

Beta: New CL6/Hybrid kernel kernel-2.6.32-531.17.1.lve1.2.56

New kernel is available from our updates-testing repositories.

Changelog:
To update CL6 servers:
$ yum install kernel-2.6.32-531.17.1.lve1.2.56.el6 kmod-lve-1.2-60.el6 --enablerepo=cloudlinux-updates-testing

To update hybrid servers:
$ yum install kernel-2.6.32-531.17.1.lve1.2.56.el5h kmod-lve-1.2-60.el5h --enablerepo=cloudlinux-hybrid-testing

Beta: alt-php update

Updates for alt-php are available from our updates-testing repository.

Changelog:
To update:
$ yum groupupdate alt-php --enablerepo=cloudlinux-updates-testing

Beta: MySQL Governor 1.0-60

New beta version of MySQL Governor is available.

Changelog:
  • don't create empty stats files when there is no activity
  • dbupdate support for cPanel 11.43
  • added account aname as default user in dbuser-map (if no db user set for an account)
  • check for MySQL-python package on install
  • support fro new lvectl format
  • installation bug fixes.
To install:
http://docs.cloudlinux.com/index.html?installation3.html

To update:
$ yum update governor-mysql --enablerepo=cloudlinux-updates-testing
$ /usr/share/lve/dbgovernor/mysqlgovernor.py --install

KernelCare key based registration for NAT & Dynamic IPs


Servers behind NAT (with one IP) and those using Dynamic IPs have a natural probem with IP based licenses. To solve that, we are releasing KEY based registration for such servers. This is needed only if you cannot or don't want to use IP based registration.

The registration process is simple:
$ kcarectl --register KEY

You can limit number of servers attached to the key (and give the key to your customer). Customer can also move the registration from server to server, by unregistring one server, and registering another. To unregister server - cutomer would use:
$ kcarectl --unregister

This is available to all KernelCare partners now

Beta: CageFS, LVE Manager, LVE Utils and LVE Stats updated

New beta versions of cagefs 5.2-36, lvemanager 0.8-1.32, lve-utils 1.4-18, lve-stats 0.10-31, python-cllib 1-19 are available from our updates-testing repository.
Those are mostly bugfixes for previous beta verson.

Changelog:

cagefs 5.2-36
  • CAG-294: add /usr/local/awstats/wwwroot/cgi-bin read-only mountpoint for DirectAdmin
  • CAG-289: CageFS User Manager for DirectAdmin under other admin accounts
  • CAG-293: cagefslib.py: strip trailing slash in function is_path_in_exclusions (if needed)
  • CAG-291: configure cagefs for postgresql correctly when /etc/sysconfig/postgres does not exist
  • CAG-295: add PING=/bin/ping to proxy.commands
lvemanager 0.8-1.32

  • LVEMAN-174: list of modules for selected php version is empty for existent user
  • LVEMAN-168: In cPanel when switching to a native version generates an error "php version is incorrect"
  • LVEMAN-160 fix: security CageFS bypass in DirectAdmin plugin found by Stieven Craig
  • LVEMAN-148 fix: DirectAdmin: add lines to /etc/sudoers for all admins
  • LVEMAN-153: cl-quota process mounts correctly
  • LVEMAN-158: ISPmanager can't use package name with quotas
lve-utils 1.4-18
  • LU-88: lvectl package-set doesn't set --pmem parameter
  • LU-87: bugfix for lvemanager (rus symbols in package names) for ISPmanager
  • LU-86: lvectl package-delete doesn't remove packages with russians symbols from /etc/container/ve.cfg on ISP
  • LU-77 additional fix: add functions to detect all admin users and user type in DirectAdmin
  • LU-85: lvectl do not accept decimal separator for vmem value
  • LU-77 fix: add functions to detect all admin users and user type in DirectAdmin
  • LU-84: getcontrolpackages show packages with space in it on ISP wrong
  • LU-83: lvect package-set can`t create package with russian name
  • LU-82: display warning "--cpu option had been deprecated, use --speed instead" instead of error
  • LU-81: remove max value of speed from lvectl --help
lve-stats 0.10-31

  • LVESTATS-33: bugfix for lveinfo --dbgov --from --to any options located after --to are ignored
  • LVESTATS-34: fix SQLite database is locked issue
  • LVESTATS-32: bugfix for dbgovchart with --period parameter
  • LVESTATS-20: retrieve LVE info from REDIS like HGET "testlveid.net" "domains.com:Domain:lveid" 10000)
  • LVESTATS-19: error while reading lve_version from database on package update
  • LVESTATS-24: Incorrect units produced by dbgovchart (KB/s instead MB/s)
  • LVESTATS-30: Added check if the faulted-user is present in cPanel
  • LVESTATS-31: statsnotifer: do not print error when CPanel is not installed, just do nothing

python-cllib 1-19
  • PTCLLIB-13: clsudo.py: add ability to process multiple users
  • PTCLLIB-12: memory_to_page func can't convert float numbers
  • PTCLLIB-11: Bugfix for lvectl list and user-list
  • PTCLLIB-10: add roundig in page_to_memory func
  • PTCLLIB-9: Add clconfpars (for parsing simple cofig files "key=val";)
  • PTCLLIB-8: clfunc.py: added reload_processes() function
To update:
$ yum update cagefs lvemanager lve-stats lve-utils --enablerepo=cloudlinux-updates-testing

Pages: Prev. | 1 | 2 | 3 | 4 | 5 | ... | 21 | Next