Blog

Login Register

Beta: alt-php updated

alt-php packages were updated to the latest version.


Changelog:
To update:
$ yum groupupdate alt-php --enablerepo=cloudlinux-updates-testing

Beta: alt-ruby 18 1.8.7-3

New version of alt-ruby is available from our updates-testing repository.

Changelog:

alt-ruby 18 1.8.7-3
  • alt-ruby install doesn't brake system ruby when installed;
  • alt-rubyXX-devel packages added to alt-ruby group.
To update run:

yum groupupdate alt-ruby --enablerepo=cloudlinux-updates-testing

Beta: mod_lsapi updated

mod_lsapi 0.1-97 was released to updates-testing repository.

Changelog:

mod_lsapi 0.1-97
  • Added patching SSL domain for cPanel on command --enable-domain.
To update:

cPanel:

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ yum update cpanel-mod-lsapi --enablerepo=cloudlinux-updates-testing
$ service httpd restart

DirectAdmin:

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ cd /usr/local/directadmin/custombuild
$ ./build update
$ ./build mod_lsapi

RPM based:

$yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$yum update mod_lsapi --enablerepo=cloudlinux-updates-testing

More info:

http://docs.cloudlinux.com/index.html?installation_mod_lsapi.html

MySQL Governor 1.0-86 updated

MySQL Governor 1.0-86 moved from updates-testing repository to stable.

Changelog:
  • Added fix of dbuser-map file reading;
  • Added logging of dbuser-map file reading;
  • Added fix for MariaDB 10.1-devel package.
To update run:

$ yum update governor-mysql
$ service db_governor restart

To install:
$ yum install governor-mysql
$ /usr/share/lve/dbgovernor/mysqlgovernor.py --install

Beta: New CL6 kernel 2.6.32-531.29.2.lve1.3.11.1

This is a bug fix release for lve1.3.11 kernel.

Changes:
  • Fix for invalid load averages calculation
  • crrected error handing for radix tree preload
To install:
CL6:
$ yum install kernel-2.6.32-531.29.2.lve1.3.11.5.el6 kmod-lve-1.3-11.5.el6 --enablerepo=cloudlinux-updates-testing

Hybrid:
$ yum install kernel-2.6.32-531.29.2.lve1.3.11.5.el5h kmod-lve-1.3-11.5.el5h --enablerepo=cloudlinux-hybrid-testing

Beta: lvemanager 0.9-3, python-cllib 1.1-9, alt-mod-passenger 4.0.50-9

New versions of lvemanager, python-cllib and alt-mod-passenger are available from our updates-testing repository.

Changelog:

lvemanager 0.9-3
  • LVEMAN-293 ARPS: selectorctl now work in CageFS;
  • LVEMAN-309: cronjob cache_rubygems.py doesn't send email if no alt-ruby installed;
  • LVEMAN-308: "/usr/bin/cl-selector --update-backup" fixed.
python-cllib 1.1-9
  • CageFS is detected more reliably.
alt-mod-passenger 4.0.50-9
  • LVEMAN-307: enter_lve_flags for Ruby app default spawn method is done;
  • PassengerLveMinUid default is set to 500.
To update run:

yum update lvemanager python-cllib alt-mod-passenger --enablerepo=cloudlinux-updates-testing

CLN server maintenance scheduled for Jan 15th, 2015 at 1am EST

We will be performing maintenance for CLN.cloudlinux.com server that can take up to 1 hour. During the maintenance you might experience intermittent issues with server registrations and yum functionality.

Beta: MySQL Governor 1.0-86

New version of MySQL Governor is available from our updates-testing repository.

Changelog:

MySQL Governor 1.0-86
  • Added fix of dbuser-map file reading;
  • Added logging of dbuser-map file reading;
  • Added fix for MariaDB 10.1-devel package.
To update run:

$ yum update governor-mysql --enablerepo=cloudlinux-updates-testing
$ service db_governor restart

To install run:

$ yum install governor-mysql --enablerepo=cloudlinux-updates-testing
$ /usr/share/lve/dbgovernor/mysqlgovernor.py --install

Bugfix release: OptimumCache 0.2-20

New version of OptimumCache 0.2-20 is available with fresh fixes.

Root will stop receiving message “Failed to stat... No such file or directory” from cron job, that was signalling about race condition in cached files management.

From now on OptimumCache collects it’s own performance metrics into file named /var/log/optimumcache_perf. This feature is designed to help support in diagnosing problems with OptimumCache performance on some deploys.

To update run:

# yum update optimumcache --enablerepo=cloudlinux-updates-testing

KernelCare support for Ubuntu 14.04 LTS (Trusty Tahr) added

We have added KernelCare support for Ubuntu 14.04 LTS (Trusty Tahr)

As of now we support:
RHEL/CentOS 5, 6 & 7
CloudLinux 5, 6, 5hybrid
Debian 6, 7
Ubuntu 14.04

Beta: Alt-PHP updated

Updates for alt-php are available from updates-testing repository.

Changelog:
  • ioncube_loader updated to 4.7.3;
  • sourceguardian updated to 10.1.3;
  • Added PEAR extensions for alt-php56:
    • Auth_SASL,
    • Mail,
    • Mail_Mime,
    • Mail_mimeDecode,
    • Net_IDNA2,
    • Net_SMTP,
    • Net_Socket.
To update run:
yum groupupdate alt-php

Beta: mod_lsapi updated

New version of mod_lsapi (0.1-96) is available from our updates-testing repository.

Changelog:

mod_lsapi 0.1-96
  • LSAPI Protocol SendHeader bugfix;
  • Rules for lsphp added to lfd config.
To update run:

cPanel:
$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ yum update cpanel-mod-lsapi --enablerepo=cloudlinux-updates-testing
$ service httpd restart

DirectAdmin:
$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ cd /usr/local/directadmin/custombuild
$ ./build update
$ ./build mod_lsapi

RPM based:
$yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$yum update mod_lsapi --enablerepo=cloudlinux-updates-testing

More info:
http://docs.cloudlinux.com/index.html?installation_mod_lsapi.html

LVE Manager 0.8-1.47.15 moved to stable

Happy to announce that the latest version of lvemanager 0.8-1.47.15 is now moved to stable.

Changelog:

lvemanager 0.8-1.47.15
  • LVEMAN-258: CPU resources were limited for your site message. Even when CPU limit was not hit - fixed;[LIST]
  • LVEMAN-278: "Selectl PHP Version" option now has icon in Paper Lantern theme on new installation of CPanel 11.46;[LIST]
  • LVEMAN-275: "Select PHP Version" option is available on new installation of CPanel 11.46.
To update run:

yum update lvemanager

Bugfix release: OptimumCache 0.2-18

New version of OptimumCache 0.2-16 comes with a bugfix for an issue, when syslog was flooded with 'Csum differ for ...Write collision' message. With this fix, as soon as number of files with invalid checksum reaches some threshold, the server is stopped and ‘occtl --check’ command is scheduled to be run in background. Upon occtl --check command completion, OptimumCache is restarted again.

To update run:

# yum update optimumcache --enablerepo=cloudlinux-updates-testing

Beta: Python Ruby Selector (for CL6)

New updates for lvemanager, pam_lve, python-cllib, cagefs, alt-mod-passenger are available from our updates-testing repository.

Changelog:

lvemanager 0.9-1
  • added "Python Ruby Selector" feature to selector ctl utility;
  • added "Setup Python App" and "Setup Ruby App" plugins for CPanel.
pam_lve 0.3-8
  • do not call init_lvetoken twice (bugfix);
  • PAMLVE-3: removed cron dependency.
python-cllib 1.1-8
  • Feature setup_mount_dir_cagefs() with prefix argument;
  • PTCLLIB-24: added ability to get e-mail address for admin via cpapi (for CPanel);
  • Added function to setup mount dir for CageFS;
  • fix PyYAML requires for 'native' and 'alternative' packages;
  • PTCLLIB-23: universal spec file for python-cllib & alt-python27-cllib developed;
  • PTCLLIB-21: Added the ability to attach custom plugins for CloudLinux control panel api (clcommon.cpapi).
cagefs 5.3-6
  • CAG-339: cagefsctl --disable, --disable-all, --disable-cagefs do destroy_lve/apply_lve;
  • CAG-337: cron dependency removed;
  • CAG-338: added /var/passenger and /opt mounts to /etc/cagefs/cagefs.mp by default.
alt-mod-passenger 4.0.50-8
  • Do enter_lve_flags in PassengerHelperAgent;
  • Added PassengerLveMinUid to Apache config;
  • Added missed alt-ruby21-devel dependency;
  • Once CageFS is installed - run client application in jail;
  • Fixed spec file (added /opt/passenger to %files section);
  • Added pre-creating dir for apache conf files in handle_module.py;
  • Added dependencies for alt-ruby21-rubygem-rake and alt-ruby21-rubygem-rack;
  • Added 'AutoReq: 0' to avoid automatic dependencies;
  • Ruby interpreter changed to an alternative one.
To install run:
yum install lvemanager alt-python-virtualenv alt-mod-passenger --enablerepo=cloudlinux-updates-testing

To use Python Selector, please run:
yum groupinstall alt-python --enablerepo=cloudlinux-updates-testing

To use Ruby Selector, please run:
yum groupinstall alt-ruby --enablerepo=cloudlinux-updates-testing

Governor-MySQL, MySQL and MariaDB packages moved to stable

Governor-MySQL 1.0-83, MySQL and MariaDB packages moved from Beta to Updates repository.

Changelog:

Governor-MySQL 1.0-83

  • Fixed conflict with compat-MySQL51-shared;
  • Fixed conflict with compat-MySQL50-shared.
To update run:

yum update governor-mysql

To install, follow: http://docs.cloudlinux.com/index.html?installation3.html

Updated MySQL(5.0.96, 5.1.73, 5.5.41, 5.6.22) and MariaDB(5.5.40, 10.0.15, 10.1.2) packages moved from Beta to Updates repository.

Beta: mod_lsapi 0.1-95

mod_lsapi 0.1-95 is available from our updates-testing repository.

Changelog:

mod_lsapi 0.1-95
  • Client get_body enhancements;
  • Backends won't be killed on APACHE2_4 restart;
  • Selfstarter kill detection added;
  • Config merge for VirtualHosts bugfix;
  • lsapi_selfstarter option removed;
  • lsapi_backend_children changed to 80;
  • Starter pid log output added;
  • sulsphp_log location for DA changed;
  • selfstarter mode always enabled;
  • Log request_rec on send_request error;
  • lsapi_do_request redesign;
  • lsphp response code used;
  • PHP error pages displayed;
  • Fatal error log processed correctly;
  • Fix 500 Internal server error on 200 Ok page;
  • 30x codes processing added.
To update
cPanel:
$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ yum update cpanel-mod-lsapi --enablerepo=cloudlinux-updates-testing

DirectAdmin:
$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ cd /usr/local/directadmin/custombuild
$ ./build update
$ ./build mod_lsapi

RPM based:
$yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$yum update mod_lsapi --enablerepo=cloudlinux-updates-testing

More info:
http://docs.cloudlinux.com/index.html?installation_mod_lsapi.html

Beta: Governor-MySQL updated

Governor-MySQL 1.0-80 is available from our updates-testing repository.

Changelog:

Governor-MySQL 1.0-80

  • Added fix for MariaDB 10.0-devel package (error appeared on cPanel EasyApache rebuild);
  • Added detection of mysql55w.
To update run:

$ yum update governor-mysql --enablerepo=cloudlinux-updates-testing
$ /usr/share/lve/dbgovernor/mysqlgovernor.py --install

To install, follow: http://docs.cloudlinux.com/index.html?installation3.html

Alt-PHP updated

Updates for alt-php are moved to our production channels.

Changelog:
To update run:

yum groupupdate alt-php

Beta: lvemanager updated

New updates for our LVE Manager (version 0.8-1.47.15) are available from our beta repository.

Changelog:

lvemanager 0.8-1.47.15

  • LVEMAN-258: CPU resources were limited for your site message, even when CPU limit was not hit.
To update run:

yum update lvemanager --enablerepo=cloudlinux-updates-testing

Bugfix release: OptimumCache 0.2-16

New version of OptimumCache 0.2-16 with usability improvements is available.

Changelog:

OptimumCache 0.2-16

‘occtl --mark-dir…’ and ‘occtl --check...’ commands are now queued as background jobs via ‘batch’ to minimize workload. That is because atd/batch pops out a command from the queue for execution only when system load average coefficient drops below certain value. To see what have been queued, standard atd commands can be used: ‘atq -q b’ and ‘at -c <job id>’.

A fix was added to prevent flooding client syslog with 'Csum differ for ...Write collision' message.

To update run:

# yum update optimumcache --enablerepo=cloudlinux-updates-testing

New CL5 kernel with fix for CVE-2014-9322

New kernel 2.6.18-498.el5.lve0.8.80 is available for CloudLinux 5.x

Changelog:
  • Fix for CVE-2014-9322
To update:
$ yum install kernel-2.6.18-498.el5.lve0.8.80

If you use KernelCare - patch will be ready in production by tomorrow morning. If you want to test the patch now, you can do it by running:
$ kcarectl --update --test

CL6 / Hybrid kernel update 2.6.32-531.29.2.lve1.3.11.1 fixes CVE-2014-9322

New kernel for CL6/Hybrid available for stable channel. The kernel fixes local privilege escalation vulnerability CVE-2014-9322. Everyone is recommended to update.

Changelog:
  • Fix for CVE-2014-9322
  • Fix in memory management should improve NFS performance
To update CL6 servers run:
$ yum install kernel-2.6.32-531.29.2.lve1.3.11.1.el6

To update hybrid servers run:
$ yum install kernel-2.6.32-531.29.2.lve1.3.11.1.el5h

KernelCare patch that fixes CVE-2014-9322 issue had been released. If you would like to get KernelCare subscription, you can order it from your cln.cloudlinux.com account

KernelCare local privilege escalation patch for PCS/OpenVZ/CL6/CL5h/CentOS6/RHEL6 CVE-2014-9322

This update includes patch for CVE-2014-9322 vulnerability. I am sorry about unusual delay with this patch. This patch was the most complex patch we have seen so far. It was in assembler code, while most patches are in C. It was altering how interrupt handlers work. It is highly unusual, and there were no such security patches in the past 3 years. We had to add special handing to our patch generation software to accommodate for that, and it took as significant amount of time to get there. While we started more then 24 hours before (4 days ago) any vendors released updated kernels, it is only now that we have a working patch. From now on we should be able to handle such patches with ease.

Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.



You can manually update the server by running:
# /usr/bin/kcarectl --update


CVEs: CVE-2014-9322 CVE-2014-6410 CVE-2012-6657 CVE-2014-5471, CVE-2014-5472


Details:
  • CVE-2014-9322 x86: local privesc due to bad_iret and paranoid entry incompatibility
    A flaw was found in the way the kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system.
  • CVE-2012-6657 net: guard tcp_set_keepalive against crash
    It was found that the kernel's networking implementation did not correctly handle the setting of the keepalive socket option on raw sockets. A local user able to create a raw socket could use this flaw to crash the system.
  • CVE-2014-5471 isofs: unbound recursion when processing relocated directories
    It was found that the parse_rock_ridge_inode_internal() function of the kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system.
  • CVE-2014-5472 isofs: unbound recursion when processing relocated directories
    It was found that the parse_rock_ridge_inode_internal() function of the kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system.

  • CVE-2014-6410 udf: Avoid infinite loop when processing indirect ICBs
    A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's Universal Disk Format (UDF) file system implementation processed indirect Information Control Blocks (ICBs). An attacker with physical access to the system could use a specially crafted UDF image to crash the system.

KernelCare CVE-2014-9322 patch

Update: The patch has been released on Dec 18, 2014 at 1pm ET. You can read more about it here: http://www.cloudlinux.com/blog/clnews/kernelcare-local-privilege-escalation-patch-for-pcsopenvzcl6cl5hcentos.php

We have received numerous requests for CVE-2014-9322 patch. Right now we are running burn in tests that should finish in a few hours. This patch was the most complex patch so far. It was in assembler code, while most patches are in C, and it was altering how interrupt handlers work. It is highly unusual, and there were no such security patches in the past 3 years. We had to add special handing to our patch generation software to accommodate for that, and it took as significant amount of time to get there. While we started more then 24 hours before (4 days ago) any vendors released updated kernels, it is only now that we have a working patch. From now on we should be able to handle such patches with ease.

If you want to test the patch now, please, run (there is a slight chance of crash, as it burn in tests are yet to finish):
$ kcarectl --update --test

Or wait -- and within next 2-6 hours your system should get updated.

Pages: Prev. | 1 | 2 | 3 | 4 | 5 | ... | 25 | Next