Blog

Login Register

Beta: mod_lsapi updated



The new version of mod_lsapi (0.2-3) was released to our updates-testing repository.

Changelog:

mod_lsapi 0.2-3
  • cpanel-mod-lsapi and mod_lsapi were merged into one. Now one name is used for installation module for all panels (except DirectAdmin) - mod_lsapi.
To update run:

cPanel & RPM Based:

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ yum update mod_lsapi --enablerepo=cloudlinux-updates-testing
$ service httpd restart

DirectAdmin:

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ cd /usr/local/directadmin/custombuild
$ ./build update
$ ./build mod_lsapi

To install follow the instructions: http://docs.cloudlinux.com/index.html?installation_mod_lsapi.html

Bugfix release: OptimumCache 0.2-23



New version of OptimumCache 0.2-23 comes out with major fix for ploop issue - namely, for ploop unclean unmount problem.

OptimumCache 0.2-23 brings ‘optimumcache-collect’ package with it. ‘optimumcache-collect’ is a daemon to accumulate statistics about OptimumCache and system load for further analysis with data mining tools. 'optimumcache-collect' spawns ‘collectl’ daemon instance, which differs from default one in ‘collectl’ package, as far as it has separate config, pid file and custom plugins. Thus, if ‘collectl’ has been already used to collect system statistics, there shall be no interference with it.

Changelog:

OptimumCache 0.2-23
  • ploop mount/unmount problem fixed;
  • ploop mount/unmount dependency resolved - “failed to attach peer” error fixed;
  • requires ‘optimumcache-collect’ package (will be installed along).
To update run:

# yum update optimumcache --enablerepo=cloudlinux-updates-testing

LVE Manager updated



LVE Manager is updated to version 0.9-3.7 and is available from our production repository.

Changelog:

lvemanager 0.9-3.7
  • LVEMAN-342: fixed error while removing lvemanager;
  • LVEMAN-336: fixed error while installing rpm package on old cPanel versions (with no paper_lantern theme);
  • LVEMAN-331: added the ability to hide Python and Ruby Selector icons;
  • LVEMAN-290: changing cwd when executing pip (fixed Permission denied: '/root/.pip' error).
It is possible to hide or show Python and Ruby Selector icons by marking or unmarking proper checkboxes in LVE Manager Options tab.



To update run:

yum update lvemanager

Beta: Alt-PHP updated

Alt-PHP versions 56, 55 and 54 are updated and available from our updates-testing repository.

Changelog:
  • glibc gethostbyname buffer overflow fixed;
  • eliminated the ability to run arbitrary code in some cases.
Alt-PHP 5.6.6:
Alt-PHP 5.5.22:
Alt-PHP 5.4.38:
To update run:

yum groupupdate alt-php --enablerepo=cloudlinux-updates-testing

Beta: XCache updated



XCache (version 3.2.0) for Alt-PHP 5.6 is available from our updates-testing repository. XCache extensions for Alt-PHP 5.2, 5.3, 5.4 and 5.5 are updated to version 3.2.0 as well.

Changelog:

XCache 3.2.0
  • Reduced memory usage for small or empty files;
  • Added warning about Zend OpCache optimization level incompatibility.
To update run:

yum groupupdate alt-php --enablerepo=cloudlinux-updates-testing

Beta: MySQL Governor updated



MySQL Governor version 1.0-90 has been released to updates-testing repository.

Changelog:

MySQL Governor 1.0-90
  • MariaDB-common removed in db-governor installation to prevent a conflict.
To update run:

$ yum install governor-mysql --enablerepo=cloudlinux-updates-testing
$ service db_governor restart

To install run:

$ yum install governor-mysql --enablerepo=cloudlinux-updates-testing
$ /usr/share/lve/dbgovernor/mysqlgovernor.py --install

Note: If MySQL Governor (MariaDB) inceases LA on server, make sure you have installed updated MySQL (MariaDB).

New versions of MySQL (MariaDB) released to updates-testing repository:
  • cl-MariaDB101 - 10.1.2-6;
  • cl-MariaDB100 - 10.0.15-14;
  • cl-MySQL56 - 5.6.22-16;
  • cl-MySQL51 - 5.1.73-21;
  • cl-MySQL50 - 5.0.96-20;
  • cl-MySQL55 - 5.5.41-29.
To update MySQL(MariaDB) run:

$ /usr/share/lve/dbgovernor/mysqlgovernor.py --install-beta

To install new MySQL(MariaDB) run:

$ yum install governor-mysql
$ /usr/share/lve/dbgovernor/mysqlgovernor.py --install-beta

MySQL Governor updated



Happy to announce that MySQL Governor (version 1.0-89) has been moved to production.

Changelog:

MySQL Governor 1.0-89
  • MySQL installation fixed for systems without panels;
  • MySQL stopping on version update fixed.
To update run:

$ yum install governor-mysql
$ service db_governor restart

To install run:

$ yum install governor-mysql
$ /usr/share/lve/dbgovernor/mysqlgovernor.py --install

Beta: CloudLinux 5 kernel updated



Beta version of new kernel for CloudLinux 5 (version 2.6.18-500.el5.lve0.8.82) is available from our updates-testing repository.

Changelog since kernel-2.6.18-500.el5.lve0.8.81:
  • Linux Kernel's splice() system call parameters validation on certain file systems fixed, which nullifies the risk of system crash because of writing past maximum file size.
To install new kernel please run the following command:

yum install kernel-2.6.18-500.el5.lve0.8.82.el5 --enablerepo=cloudlinux-updates-testing

LVE Manager with Python Ruby Selector for CL6, CageFS and others - updated



Happy to announce that lvemanager (version 0.9-3.2), cagefs (version 5.3-6), pam_lve version 0.3-8, python-cllib (version 1.1-10), alt-mod-passenger (version 4.0.50-10, ClouLinux 6 only), alt-ruby, alt-python and alt-python-virtualenv are updated and available from our production repository.

Changelog:

lvemanager 0.9-3.2
  • "Python Ruby Selector" feature added to selectorctl utility;
  • "Setup Python App" and "Setup Ruby App" plugins added for cPanel;
  • LVEMAN-293: selectorctl works in CageFS (for Python and Ruby interpreters);
  • LVEMAN-309: cronjob cache_rubygems.py sends email if no alt-ruby installed;
  • LVEMAN-308: broken "/usr/bin/cl-selector --update-backup" as it takes first found link - fixed;
  • LVEMAN-328: fixed creation of /var/lve/rubygems and /var/lve/pypindex;
  • LVEMAN-324: prevented entering 'system' or public_html directories in application path;
  • LVEMAN-325: added the ability to remove ruby module in firefox.
cagefs 5.3-6
  • CAG-339: cagefsctl --disable, --disable-all, --disable-cagefs do destroy_lve/apply_lve;
  • CAG-337: removed cron dependency;
  • CAG-338: /var/passenger and /opt mounts added to /etc/cagefs/cagefs.mp by default.
pam_lve 0.3-8
  • Does not call init_lvetoken twice;
  • PAMLVE-3: removed cron dependency removed.
python-cllib 1.1-10
  • Fixed blank lines handling in setup_mount_dir_cagefs();
  • CageFS present more reliably;
  • Feature setup_mount_dir_cagefs() with prefix argument;
  • PTCLLIB-24: added ability to get e-mail address for admin via cpapi (for CPanel);
  • Added function to setup mount dir for CageFS;
  • PyYAML fixed for 'native' and 'alternative' packages;
  • PTCLLIB-23: universal spec file developed for python-cllib & alt-python27-cllib;
  • PTCLLIB-21: added the ability to attach custom plugins for CloudLinux control panel api (clcommon.cpapi).
alt-mod-passenger 4.0.50-10 (CL6 only)
  • enter_lve_flags for Ruby app default spawn method added;
  • enter_lve_flags in PassengerHelperAgent added;
  • Added PassengerLveMinUid to Apache config;
  • Added missed alt-ruby21-devel dependency;
  • Once CageFS is installed - run client application in jail;
  • Spec file fixed (added /opt/passenger to %files section);
  • Added pre-creating dir for apache conf files in handle_module.py;
  • Added dependencies for alt-ruby21-rubygem-rake and alt-ruby21-rubygem-rack;
  • Added 'AutoReq: 0' to avoid automatic dependencies;
  • Ruby interpreter changed to an alternative one.
alt-python27, 33, 34
  • created cache of extensions for Selector while install or update of alt-python packages.
alt-ruby 18, 19, 20, 21
  • created cache of extensions for Selector while install or update of alt-ruby packages;
  • updated patchlevel to 551, 598 and 2.1.5 respectively (fix CVE-2014-8090).
To install:
yum install lvemanager alt-python-virtualenv alt-mod-passenger

To use Python Selector, please run:
yum groupinstall alt-python

To use Ruby Selector, please run:
yum groupinstall alt-ruby

After install of the packages please execute
cagefsctl --force-update

liblve updated


New update for liblve (version 1.3-1.7) is available from our production repository.

Changelog:

liblve 1.3-1.7
  • revert lve_setup_enter function behaviour;
  • changed way in which lve_setup_enter treats ls_cpu limit from higher back to lower; to save the ability to use higher limits LIBLVE_SETTINGS_LS_CPU_HIRES flag is added. This flag has meaning only for lve_setup_enter function, lve_setup accepts ONLY high resolution limit;
  • Fixed creation of unnecessary threads on CL5.
To update run:
yum update lve liblve liblve-devel

Beta: mod_lsapi 0.1-100, Governor 1.0-88


New beta versions of Governor 1.0-88 and mod_lsapi 0.1-100 are available from our updates-testing repository.

Changelog:

Governor 1.0-88
  • CloudLinux 7 adaptation;
  • Fixed MySQL service stopping on MySQL version update (or MySQL install).
To update run:

$ yum install governor-mysql --enablerepo=cloudlinux-updates-testing
$ service db_governor restart

To install run:

$ yum install governor-mysql --enablerepo=cloudlinux-updates-testing
$ /usr/share/lve/dbgovernor/mysqlgovernor.py --install

mod_lsapi 0.1-100
  • Fix for different php handlers without PHP selector;
  • Fix for lsphp socket creating (broken in previous version of package).
To update:

cPanel:

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ yum update cpanel-mod-lsapi --enablerepo=cloudlinux-updates-testing
$ service httpd restart

DirectAdmin:

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ cd /usr/local/directadmin/custombuild
$ ./build update
$ ./build mod_lsapi

RPM based:

$yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$yum update mod_lsapi --enablerepo=cloudlinux-updates-testing

More info:

http://docs.cloudlinux.com/index.html?installation_mod_lsapi.html

Beta: alt-php55-suhosin and alt-php56-suhosin


Happy to announce that alt-php55-suhosin and alt-php56-suhosin for CL5, CL6 and CL7 are avilable from our updates-testing repository.

To install run:

yum groupinstall alt-php --enablerepo=cloudlinux-updates-testing

Beta: mod_lsapi updated


New version of mod_lsapi (0.1-99) is available from our updates-testing repository.

Changelog:

mod_lsapi 0.1-99
  • Problems with PATH environment variable fixed.
To update:

cPanel:

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ yum update cpanel-mod-lsapi --enablerepo=cloudlinux-updates-testing
$ service httpd restart

DirectAdmin:

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ cd /usr/local/directadmin/custombuild
$ ./build update
$ ./build mod_lsapi

RPM based:

$yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$yum update mod_lsapi --enablerepo=cloudlinux-updates-testing

More info:

http://docs.cloudlinux.com/index.html?installation_mod_lsapi.html

Beta: New kernel for CloudLinux 5


Beta version of new kernel for CloudLinux 5 is available.

Changelog since kernel-2.6.18-498.el5.lve0.8.80:
  • rebase to 2.6.18-400.el5.028stab117.2.
To install new kernel please run the following command:

$ yum install kernel-2.6.18-500.el5.lve0.8.81.el5 --enablerepo=cloudlinux-updates-testing

Bugfix release: OptimumCache 0.2-22


New version of OptimumCache 0.2-22 with fresh fixes and improvements is available from our updates-testing repository.

Changelog:

OptimumCache 0.2-22
  • Important fix for “Failed to attach peer” issue;
  • Multiple arguments support in 'occtl --[un]mark-dir ...’;
  • Skipmasks updates;
  • Communicate recommended cache capacity via syslog, if current capacity is not enough for optimal cache refill cycle.
To update run:
# yum update optimumcache --enablerepo=cloudlinux-updates-testing

Beta: Alt-PHP updated


Updates for alt-php are available from our updates-testing repository.

Changelog:
  • PECL extensions updated:
    • xdebug updated to 2.2.7;
    • timezonedb updated to 2015.1;
    • mongo updated to 1.6.0;
    • added libevent and jsmin extensions.
To update run:

yum groupupdate alt-php

Beta: mod_lsapi updated

Happy to announce that mod_lsapi 0.1-98 was released to updates-testing repository.

Changelog:

mod_lsapi 0.1-98
  • Added servicing common php pages under user apache(nobody) which was forbidden in previous version of mod_lsapi.
To update:

cPanel:

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ yum update cpanel-mod-lsapi --enablerepo=cloudlinux-updates-testing
$ service httpd restart

DirectAdmin:

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ cd /usr/local/directadmin/custombuild
$ ./build update
$ ./build mod_lsapi

RPM based:

$yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$yum update mod_lsapi --enablerepo=cloudlinux-updates-testing

More info:

http://docs.cloudlinux.com/index.html?installation_mod_lsapi.html

Beta: CloudLinux 7 beta 1


First beta of CloudLinux 7 is available. Please, note that it should not be used on production machines. While majority of functionality is working, there are still some critical issues that need to be fixed.
In particular: cagefsctl --remount/--remount-all and lvectl --destroy will cause soft CPU lockup.
We expect to have a fix for it within 2 weeks.

We expect production version to be ready early in April 2015
Features missing from Beta and their ETA:
  • /proc security -> Feb 20th
  • secure links -> Feb 20th
  • alt-php 5.2/5.1 -> March 10th (5.3+ are already ported)
  • alt-php 4.4 -> No ETA
  • OptimumCache -> Q2 2015
  • yum-fastestmirror plugin -> March 15, 2015
  • secure uefi boot -> Q2 2015
  • Upgrade from CL6 to CL7 -> April 2015
All other functionality, including MySQL governor, mod_lsapi & PHP/Ruby/Python sectors should work

The best way to go is to convert CentOS 7 server:
# wget http://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy
# ./cldeploy --beta -k <key>

Alternatively, you can download and install from ISO image:
http://repo.cloudlinux.com/cloudlinux/7/iso/x86_64/CloudLinux-DVD-x86_64-latest.iso

GLIBC GHOST - do you really have to reboot?

I see a lot of confusing information is making rounds on the need to reboot due to GLIBC GHOST bug. Do you really need to restart 'vulnerable services' or reboot the server?

Well, of course you have to restart vulnerable services, yet there is no need to restart the whole server - if you know what it is running (and in shared hosting - we actually do).

First of all - not all services that use glibc need to be restarted. Only services that use gethostbyname. That function is used to resolve internet host name to IP address.
Now, to exploit this function, attacker needs to be able to able to feed specially crafted 'host name' to the service. And service needs to process it without validating it first.
That is not a common condition. For example /sbin/init, while using glibc will not be exploitable at all using such bug. So, no need to restart it.

So, what can be potentially exploitable, and should be restart:
1. Exim: only when it is configured to resolve remote host name. Restart it.
2. Apache - apache itself is not exploitable, but some modules might be checking remote hosts - so, why not restart it. You should also restart php FPM, mod_lsapi daemon if you are running it in self_starter mode. Restart it just in case
3. LiteSpeed - restart it just in case.
4. Nginx - it is not vulnerable, and most common configurations I have seen on shared hosts will not be vulnerable as well - but given how cheap it is to restart it -- restart it.
5. cPanel (or your favorite brand of control panel) - yes, worth it, including cpHulkd. They might be not vulnerable at all - but with closed source software -- you never know, and such restart is once again - cheap.
6. PostgreSQL - we don't really know, so restart it just in case.
7. OpenSSH -- it is considered safe, but if you want to be really safe -- restarting openssh doesn't require any server downtime.
8. Postfix/sendmail - most likely it is safe, but same as with OpenSSH -- restarting it doesn't take much.

Proftpd, pure-ftpd,vsftpd,xinetd, tcp_wrappers, rsyslogd,mysql/mariadb --> are all considered safe - but should be easy to restart if you feel like it.

So, why so many people are coming out with advise to reboot the server? Unlike shared hosting servers -- generic servers run wide range of software -- and it is really hard to predict which software vulnerable and which are not. So, for them - best way to go is to reboot.
In shared hosting -- not as important.

To add to that: As it is not a kernel level vulnerability -- KernelCare will not help with it today. Yet, we are starting to work on ability to patch such vulnerabilities using KernelCare in the future.

Beta: python-cllib and alt-mod-passenger updated

New versions of python-cllib (1.1-10) and alt-mod-passenger (4.0.50-9) are available from our updates-testing repository.

Changelog:

python-cllib 1.1-10
  • Fixed blank lines handling in /etc/cagefs/cagefs.mp.
alt-mod-passenger 4.0.50-10
  • Increased python-cllib dependency.
To update run:

yum update python-cllib alt-mod-passenger --enablerepo=cloudlinux-updates-testing

GLIBC GHOST remote vulnerability - CVE-2015-0235

Hello Everyone,

There is a new remote vulnerability in glibc under CVE-2015-0235. The bug is in __nss_hostname_digits_dots() function, which is used by the gethostbyname().
It is a buffer overflow vulnerability, that allows attacker to execute arbitrary code.
Updated packages had been relesed for CL6 & CL5. Please, make sure to update.

Updated CL5 GLIBC version:

glibc-2.5-123.el5_11.1


Updated CL6 GLIBC version:
glibc-2.12-1.149.el6_6.5

To update:
$ yum update glibc

So far there is a proof of concent that can use this vulnerability against Exim servers. While initial investigation by Qualys reports that there is no way to exploit following services to the best of their knowledge, we still recommend to update for everyone.
apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql,
nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd,
pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers,
vsftpd, xinetd.

Beta: alt-php updated

alt-php packages were updated to the latest version.


Changelog:
To update:
$ yum groupupdate alt-php --enablerepo=cloudlinux-updates-testing

Beta: alt-ruby 18 1.8.7-3

New version of alt-ruby is available from our updates-testing repository.

Changelog:

alt-ruby 18 1.8.7-3
  • alt-ruby install doesn't brake system ruby when installed;
  • alt-rubyXX-devel packages added to alt-ruby group.
To update run:

yum groupupdate alt-ruby --enablerepo=cloudlinux-updates-testing

Beta: mod_lsapi updated

mod_lsapi 0.1-97 was released to updates-testing repository.

Changelog:

mod_lsapi 0.1-97
  • Added patching SSL domain for cPanel on command --enable-domain.
To update:

cPanel:

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ yum update cpanel-mod-lsapi --enablerepo=cloudlinux-updates-testing
$ service httpd restart

DirectAdmin:

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ cd /usr/local/directadmin/custombuild
$ ./build update
$ ./build mod_lsapi

RPM based:

$yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$yum update mod_lsapi --enablerepo=cloudlinux-updates-testing

More info:

http://docs.cloudlinux.com/index.html?installation_mod_lsapi.html

MySQL Governor 1.0-86 updated

MySQL Governor 1.0-86 moved from updates-testing repository to stable.

Changelog:
  • Added fix of dbuser-map file reading;
  • Added logging of dbuser-map file reading;
  • Added fix for MariaDB 10.1-devel package.
To update run:

$ yum update governor-mysql
$ service db_governor restart

To install:
$ yum install governor-mysql
$ /usr/share/lve/dbgovernor/mysqlgovernor.py --install

Pages: Prev. | 1 | 2 | 3 | 4 | 5 | ... | 26 | Next