Blog

Login Register

Beta: CageFS and liblve updated for CL7


CageFS (version 5.3-11) and liblve (version 1.3-1.8 ) are updated for CloudLinux 7 and are available from our updates-testing repository.

Changelog:

cagefs 5.3-11

  • CAG-359: changed start number of cagefs service from 12 to 29 for new cagefs installations only;
  • CAG-352: added "cleaning" of config directories to cronjob and userdel hook (removing config files of non-existing users);
  • CAG-329: domain mount points are not lost when system user renamed from Plesk panel;
  • CAG-320: PHP Selector settings are not lost after transfer of accounts in DirectAdmin;
  • CAG-330: put processes executed via proxyexec into LVE;
  • CAG-313: made CageFS configuration directories and files not readable for regular users (permissions corrected);
  • CAG-333: process duplicates UIDs correctly in cagefs.server;
  • CAG-351: fixed 'service cagefs stop' slowness (conflict with systemd);
  • CAG-348: built suexec & suphp for iWorx;
  • CAG-347: proxyexec socket directory moved from /var/run/proxyexec/cagefs.sock to /var/lib/proxyexec/cagefs.sock.
liblve 1.3-1.8

  • LIBLVE-8: improved security of pivot_root scheme.
To update run:
yum update cagefs --enablerepo=cloudlinux-updates-testing

Note: if you use alt-php packages, please execute:
yum update alt-php-config --enablerepo=cloudlinux-updates-testing

New beta kernel for CloudLinux 7

New beta of CloudLinux 7 kernel is out. It fixes the issue with TCP memory accounting.

To install new kernel please run the following command:
$ yum install kernel-3.10.0-223.1.2.lve1.3.22.el7 kmod-lve-1.3-22.el7 --enablerepo=cloudlinux-updates-testing

KernelCare protection against Rowhammer privilege escallation


The rmemory hardware issue "Rowhammer" was recently discovered to allows privileged escalation. The issue can be mitigated (at least in its current form) by preventing user from reading /proc/$(pid)/pagemap, /proc/kpageflags, /proc/kpagecount files. Yet, this protection is not available from RedHat, CentOS, Parallels. It is not available as part of CloudLinux OS kernel as well. The reason is that this protection will not prevent only current implementation of the attack. Forcing customers to reboot to install new kernel, just to release a new kernel a week later is something most OS vendors don't want to do.

KernelCare with its ability to patch kernel on the fly is perfectly suited to protect against such issues. We can update the kernel & fix security issues without the need for the reboot. This gives us unique opportunity to patch & mitigate potential 'rowhammer' attacks within days, as they come.

Today we have released patches for RHEL, CentOS, CloudLinux 6 & PCS/VZ/OpenVZ that protects against Rowhammer related exploit. Debian, Ubuntu & RHEL/CentOS 7 patches will be released tomorrow.

MySQL (MariaDB) updated


New versions of MySQL (MariaDB) moved to stable repository.
  • cl-MariaDB101 - 10.1.2-6;
  • cl-MariaDB100 - 10.0.15-14;
  • cl-MySQL56 - 5.6.22-16;
  • cl-MySQL51 - 5.1.73-21;
  • cl-MySQL50 - 5.0.96-20;
  • cl-MySQL55 - 5.5.41-29.
To update MySQL(MariaDB) run:

$ /usr/share/lve/dbgovernor/mysqlgovernor.py --install

To install new MySQL(MariaDB) run:

$ yum install governor-mysql

$ /usr/share/lve/dbgovernor/mysqlgovernor.py --install

Beta: Alt-Ruby updated



Alt-Ruby is updated to version 2.0.0-5 and is available from our updates-testing repository.

Changelog:

Alt-Ruby 2.0.0-5
To update run:

yum groupupdate alt-ruby --enablerepo=cloudlinux-updates-testing

Beta: LVE Manager updated



LVE Manager is updated to version 0.9-9 and available from our updates-testing repository.

Changelog:

LVE Manager 0.9-9

  • LVEMAN-351: disabled PHP Selector plugin doesn't become enabled after cPanel update;
  • LVEMAN-335: fixed hiding Python/Ruby Selector icons in paper_lantern when unchecked in feature manager;
  • LVEMAN-339: "Hide PHP extensions" option works in paper_lantern theme;
  • LVEMAN-285: "Hide LVE end user usage statistics" works in paper_lantern theme;
  • LVEMAN-240: fixed issue with sorting SPEED column in percents;
  • LVEMAN-344: "Setup Python/Ruby App" icons are visible to theme x3 users;
  • LVEMAN-330: interface for viewing snapshots in cPanel is installing correctly;
  • LVEMAN-342: fixed error while removing lvemanager package;
  • LVEMAN-331: added ability to hide Python and Ruby Selector icons;
  • LVEMAN-336: fixed error with installing rpm package on old cPanel versions (without paper_lantern theme);
  • LVEMAN-210: added additional error reporting for php (commons/lib/clselect/clextselect.py);
  • LVEMAN-326: Plesk reseller users can use PHP-Selector - 'NOT AUTHORIZED' message behavour fixed;
  • LVEMAN-290: changing cwd when executing pip (fixed Permission denied: '/root/.pip' error);
  • LVEMAN-226: 'submit' tag input fixed in Resource Usage page on cPanel;
  • LVEMAN-329: CloudLinux.cgi options tab is adapted for lve-stats2;
  • LVEMAN-328: fixed creation of /var/lve/rubygems and /var/lve/pypindex;
  • LVEMAN-271: "Hide PHP Extensions" selection works in paper_lantern theme;
  • LVEMAN-285: "Hide LVE end user usage statistics" works in paper_lantern;
  • LVEMAN-324: prevented entering 'system' or public_html directories in application path;
  • LVEMAN-240: ordering by speed column added for cPanel;
  • LVEMAN-325: added ability to remove Ruby module in Firefox;
  • LVEMAN-207: Remark supports all values in /etc/cl.selector/php.conf;
  • LVEMAN-291: PHP Selector saves sendmail options in DirectAdmin;
  • LVEMAN-305: ResourceUsage adapted for lve-stats2;
  • LVEMAN-321: DirectAdmin Selector tab shows warning when Alt-PHP packages are not installed;
  • LVEMAN-320: selectorctl provides "Version Not Specified" message when the version is not specified;
  • LVEMAN-252: fixed error when no module selected in php options in PHP Selector on cPanel;
  • LVEMAN-260: in selectorctl added ability to create etc directory for user if it does not exist (execute cagefsctl --cpetc);
  • LVEMAN-301: selectorctl can process users with duplicate UIDs;
  • LVEMAN-313: Snapshots link in Resource Usage is only visible when new lve-stats package is installed;
  • LVEMAN-264: cPanel interface for viewing snapshots (for user and for admin) is installing correctly;
  • LVEMAN-303: CloudLinux.cgi notifications dialog is adapted for lve-stats2.
To update run:

yum update lvemanager --enablerepo=cloudlinux-updates-testing

Alt-PHP updated


Alt-PHP is updated and available from our production repository.

Changelog:

Alt-PHP 4.4
  • Built with lsphp support.
Alt-PHP 5.2.17-56
Alt-PHP 5.3.29-8
Alt-PHP 5.4.38-2
Alt-PHP 5.5.22-2
Alt-PHP 5.6.6-2

  • lsapi updated to version 6.7.1 - fixed PHP getenv issue.
To update run:

yum groupupdate alt-php

LVE Manager updated



LVE Manager (version 0.9-3.10) is updated and available from our production repository.

Changelog:

LVE Manager 0.9-3.10
  • LVEMAN-351: disabled PHP Selector plugin doesn't become enabled after cPanel update.
To update run:

yum update lvemanager

Beta: mod_lsapi updated


New version of mod_lsapi (0.2-7) was released to our updates-testing repository.

Changelog:

mod_lsapi 0.2-7
  • added missed script for installation on servers with no control panel.
To update run:

cPanel & RPM Based:

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ yum update mod_lsapi --enablerepo=cloudlinux-updates-testing
$ service httpd restart

DirectAdmin:

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ cd /usr/local/directadmin/custombuild
$ ./build update
$ ./build mod_lsapi

To install please follow the instructions: http://docs.cloudlinux.com/index.html?installation_mod_lsapi.html

Beta: Alt-PHP updated



Alt-PHP is updated and available from our updates-testing repository.

Changelog:

Alt-PHP 5.2.17-56
Alt-PHP 5.3.29-8
Alt-PHP 5.4.38-2
Alt-PHP 5.5.22-2
Alt-PHP 5.6.6-2

  • lsapi updated to version 6.7.1 - fixed PHP getenv issue.
To update run:

yum groupinstall alt-php --enablerepo=cloudlinux-updates-testing

KernelCare: How does it work?

Rebooting is a pain
Rebooting server is a pain. It is often scheduled for the darkest of night. It requires minutes of downtime, and it can take up to 15 minutes for the server performance to stabilize, and catches to warm up. This is not something you want to do often.Yet, any time there is a security vulnerability in the kernel, server should be rebooted. This is where KernelCare comes in. It provides a service that will patch security vulnerabilities inside the running kernel - without any downtime or service interruption.

Read more...

Beta: Alt-PHP 4.4 updated



Alt-PHP 4.4 was updated and released to our updates-testing repository.

Changelog:

Alt-PHP 4.4
  • Built with lsphp support.
To install run:

yum groupinstall alt-php --enablerepo=cloudlinux-updates-testing

LVE Manager updated



New updates for our LVE Manager (version 0.9-3.9) are moved to production repository.

Changelog:

LVE Manager 0.9-3.9
  • LVEMAN-335: Fixed hiding Python/Ruby Selector icons in paper_lantern when unchecked in feature manager;
  • LVEMAN-344: Python/Ruby Selector icons are visible for X3 theme users.
Tu update run:

yum update lvemanager

CageFS, lve-utils, python-cllib, bsock updated for CL7



CageFS, lve-utils, python-cllib and bsock for CloudLinux 7 are updated and available from our production repository.

Changelog:

CageFS 5.3-9
  • CAG-351: 'service cagefs stop' slowness (conflict with systemd) fixed;
  • CAG-348: suexec & suphp for iWorx built;
  • CAG-347: proxyexec socket directory moved from /var/run/proxyexec/cagefs.sock to /var/lib/proxyexec/cagefs.sock.
lve-utils 1.4-36
  • LU-124: lvectl detects its function normally;
  • LU-123: lveps fixed;
  • LU-114: /usr/bin/alt-php-mysql-reconfigure moved to alt-php-conf package;
  • LU-122: "mount --make-rprivate /" command added to lve_namespaces service;
  • LU-116: processpaneluserspackages runs normally;
  • LU-113: disable kill_orphaned_php-cron job config implemented.
python-cllib 1.1-10
  • fixed blank lines handling in setup_mount_dir_cagefs();
  • CageFS is detected more reliably.
bsock 0.09-5
  • proxyexec socket directory moved from /var/run/proxyexec/cagefs.sock to /var/lib/proxyexec/cagefs.sock.
To update run:

yum update cagefs python-cllib

Alt-PHP updated


Alt-PHP versions 56, 55 and 54 are updated and available from our production repository.

Changelog:
  • glibc gethostbyname buffer overflow fixed;
  • eliminated the ability to run arbitrary code in some cases.
Alt-PHP 5.6.6:

(http://php.net/ChangeLog-5.php#5.6.6)

Alt-PHP 5.5.22:

(http://php.net/ChangeLog-5.php#5.5.22)

Alt-PHP 5.4.38:

(http://php.net/ChangeLog-5.php#5.4.38)

To update run:

$ yum groupupdate alt-php

Help us see just how good OptimumCache is


One of the problems we have with OptimumCache is that it is hard for us to know just how much it helps in production environment. It is not like all the pages would instantly start loading faster, or CPU usage would drop by 50%. The benefits are much more subtle, yet can be quite significant.

To better understand the benefits, we have created a way to collect memory, CPU & IO usage from the server. We want to collect such data for a week from a server before OptimumCache is started... and then after.
Once we have two datasets, we can compare and see where, and how much OptimumCache helps in real life settings.

We are looking for a 'stable' environment for that, where no other changes are planned for the next month, and where the server is filled up with customers, and you don't plan to add large number of customers any time soon.
Something that had been in production for a year or so.

If you have such servers, and willing to help, please, contact me direct at [email protected]

CloudLinux 7 Beta 2


Second beta of CloudLinux 7 is available. It fixes majority of issues found in Beta 1, and should be fine to deploy on servers with light load.

Changelog:
  • New kernel 3.10-223.1.2lve1.3.21 fixes lock up issues
  • /proc security added
  • SecureLinks added
  • alt-php 5.2 & 5.1 are now supported
  • yum-fastestmirror are supported
The best way to go is to convert CentOS 7 server:
# wget http://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy
# ./cldeploy --beta -k <key>

To update beta kernel:
# yum install kernel-3.10.0-223.1.2.lve1.3.21.el7 kmod-lve-1.3-21.el7 --enablerepo=cloudlinux-updates-testing

Beta: mod_lsapi updated



The new version of mod_lsapi (0.2-3) was released to our updates-testing repository.

Changelog:

mod_lsapi 0.2-3
  • cpanel-mod-lsapi and mod_lsapi were merged into one. Now one name is used for installation module for all panels (except DirectAdmin) - mod_lsapi.
To update run:

cPanel & RPM Based:

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ yum update mod_lsapi --enablerepo=cloudlinux-updates-testing
$ service httpd restart

DirectAdmin:

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ cd /usr/local/directadmin/custombuild
$ ./build update
$ ./build mod_lsapi

To install follow the instructions: http://docs.cloudlinux.com/index.html?installation_mod_lsapi.html

Bugfix release: OptimumCache 0.2-23



New version of OptimumCache 0.2-23 comes out with major fix for ploop issue - namely, for ploop unclean unmount problem.

OptimumCache 0.2-23 brings ‘optimumcache-collect’ package with it. ‘optimumcache-collect’ is a daemon to accumulate statistics about OptimumCache and system load for further analysis with data mining tools. 'optimumcache-collect' spawns ‘collectl’ daemon instance, which differs from default one in ‘collectl’ package, as far as it has separate config, pid file and custom plugins. Thus, if ‘collectl’ has been already used to collect system statistics, there shall be no interference with it.

Changelog:

OptimumCache 0.2-23
  • ploop mount/unmount problem fixed;
  • ploop mount/unmount dependency resolved - “failed to attach peer” error fixed;
  • requires ‘optimumcache-collect’ package (will be installed along).
To update run:

# yum update optimumcache --enablerepo=cloudlinux-updates-testing

LVE Manager updated



LVE Manager is updated to version 0.9-3.7 and is available from our production repository.

Changelog:

lvemanager 0.9-3.7
  • LVEMAN-342: fixed error while removing lvemanager;
  • LVEMAN-336: fixed error while installing rpm package on old cPanel versions (with no paper_lantern theme);
  • LVEMAN-331: added the ability to hide Python and Ruby Selector icons;
  • LVEMAN-290: changing cwd when executing pip (fixed Permission denied: '/root/.pip' error).
It is possible to hide or show Python and Ruby Selector icons by marking or unmarking proper checkboxes in LVE Manager Options tab.



To update run:

yum update lvemanager

Beta: Alt-PHP updated

Alt-PHP versions 56, 55 and 54 are updated and available from our updates-testing repository.

Changelog:
  • glibc gethostbyname buffer overflow fixed;
  • eliminated the ability to run arbitrary code in some cases.
Alt-PHP 5.6.6:
Alt-PHP 5.5.22:
Alt-PHP 5.4.38:
To update run:

yum groupupdate alt-php --enablerepo=cloudlinux-updates-testing

Beta: XCache updated



XCache (version 3.2.0) for Alt-PHP 5.6 is available from our updates-testing repository. XCache extensions for Alt-PHP 5.2, 5.3, 5.4 and 5.5 are updated to version 3.2.0 as well.

Changelog:

XCache 3.2.0
  • Reduced memory usage for small or empty files;
  • Added warning about Zend OpCache optimization level incompatibility.
To update run:

yum groupupdate alt-php --enablerepo=cloudlinux-updates-testing

Beta: MySQL Governor updated



MySQL Governor version 1.0-90 has been released to updates-testing repository.

Changelog:

MySQL Governor 1.0-90
  • MariaDB-common removed in db-governor installation to prevent a conflict.
To update run:

$ yum install governor-mysql --enablerepo=cloudlinux-updates-testing
$ service db_governor restart

To install run:

$ yum install governor-mysql --enablerepo=cloudlinux-updates-testing
$ /usr/share/lve/dbgovernor/mysqlgovernor.py --install

Note: If MySQL Governor (MariaDB) inceases LA on server, make sure you have installed updated MySQL (MariaDB).

New versions of MySQL (MariaDB) released to updates-testing repository:
  • cl-MariaDB101 - 10.1.2-6;
  • cl-MariaDB100 - 10.0.15-14;
  • cl-MySQL56 - 5.6.22-16;
  • cl-MySQL51 - 5.1.73-21;
  • cl-MySQL50 - 5.0.96-20;
  • cl-MySQL55 - 5.5.41-29.
To update MySQL(MariaDB) run:

$ /usr/share/lve/dbgovernor/mysqlgovernor.py --install-beta

To install new MySQL(MariaDB) run:

$ yum install governor-mysql
$ /usr/share/lve/dbgovernor/mysqlgovernor.py --install-beta

MySQL Governor updated



Happy to announce that MySQL Governor (version 1.0-89) has been moved to production.

Changelog:

MySQL Governor 1.0-89
  • MySQL installation fixed for systems without panels;
  • MySQL stopping on version update fixed.
To update run:

$ yum install governor-mysql
$ service db_governor restart

To install run:

$ yum install governor-mysql
$ /usr/share/lve/dbgovernor/mysqlgovernor.py --install

Beta: CloudLinux 5 kernel updated



Beta version of new kernel for CloudLinux 5 (version 2.6.18-500.el5.lve0.8.82) is available from our updates-testing repository.

Changelog since kernel-2.6.18-500.el5.lve0.8.81:
  • Linux Kernel's splice() system call parameters validation on certain file systems fixed, which nullifies the risk of system crash because of writing past maximum file size.
To install new kernel please run the following command:

yum install kernel-2.6.18-500.el5.lve0.8.82.el5 --enablerepo=cloudlinux-updates-testing

Pages: Prev. | 1 | 2 | 3 | 4 | 5 | ... | 27 | Next