Blog

Login Register

beta: LVE Manager update for Plesk

New beta release fixes two issues with Plesk discovered in the latest version.

lvemanager-0.8-1.32.5
  • LVEMAN-212 fix: Defaults values in Edit package page are incorrect for Plesk -> Lvemanager
  • LVEMAN-211 fix: Accounts page fails in Plesk
To update:
$ yum update lvemanager --enablerepo=cloudlinux-updates-testing

Production & beta: alt-php release


New versions of alt-php were released. Production channels have PHP versions updated for PHP 5.4 & 5.5
Beta repository in addition to version upgrades, has new mysqlnd support, updated percona server support & readline support enabled

Changelog:To update production version:
$ yum groupinstall alt-php

To update from beta:
$ yum groupinstall alt-php --enablerepo=cloudlinux-updates-testing

Beta: CL6/Hybrid kernel 2.6.32-531.23.3.lve1.2.65

New beta kernel for CL6/Hybrid is available.

Changelog:
To update CL6 sservers:

$ yum install kernel-2.6.32-531.23.3.lve1.2.65.el6 kmod-lve-1.2-69.el6 --enablerepo=cloudlinux-updates-testing

To update hybrid servers:
$ yum install kernel-2.6.32-531.23.3.lve1.2.65.el5h kmod-lve-1.2-69.el5h --enablerepo=cloudlinux-updates-testing

lve-utils, cagefs and LVE Manager updated

The new release contains a number of bug fixes and minor improvements.



Changelog:
lve-utils-1.4-18.10
  • LVEMAN-200 part2: refactor code, add handling of OSError exception
  • LU-102: improve DirectAdmin detection
  • LVEMAN-200 - LVEManager licensing screen should detect when license was updated
  • LU-105: getcontrolpaneluserspackages: do not fail when user has no package assigned on Plesk
  • LVEMAN-202: LVE Manager not showing limits on Plesk when subscription is without plan
  • LU-104: crons/kill_orphaned_php-cron: do not kill /home/interworx/bin/php processes
  • LU-103: backport of LU-99 task (encoding error in lvectl on DirectAdmin, Plesk)
  • LU-98: crons/kill_orphaned_php-cron: do not kill lsphp processes
cagefs-5.2-36.3
  • increased required version of lve-utils
  • CAG-312: /usr/sbin/cpanel-compile-suexec.sh fails to rebuild suexec
  • added --force-update-etc option to help message
  • CAG-296: do not write /etc/rsyslog.d/schroot.conf file on RPM update
  • CAG-302: cagefsctl --setup-cl-selector: specify path to native php.ini (using -c option) while executing php -qm
  • CAG-308: handle ClPwd.NoSuchUserException exception
  • CAG-310: do not change permissions of /etc/cagefs/custom.etc subdirectories and files
lvemanager-0.8-1.32.3
  • LVEMAN-205 fix: backport of LVEMAN-204 task (LVE Manager in Plesk fails if package names longer then 30 symbols)
  • LVEMAN-200 - LVEManager licensing screen should detect when license was updated
  • LVEMAN-198 - Add conflicts for PHP MySQLND modules
  • LVEMAN-197 fix: LVE Manager fails on Plesk old versions
To Update:
$ yum update cagefs lvemanager lve-utils

Beta: MySQL Governor 1.0-75

New version of MySQL Governor adds MariaDB 10.0 support, and adds a number of bug fixes and improvements.

Changelog:
  • Added support for MariaDB 10.0
  • DirectAdmin: read socket options from mysql.conf
  • DirectAdmin: fix issue with user without UID in dbuser-map
  • Added request logging before restrict
  • Detect and remove percona packages on install
To update

$ yum update governor-mysql --enablerepo=cloudlinux-updates-testing
$ /usr/share/lve/dbgovernor/mysqlgovernor.py --install

To install, follow: http://docs.cloudlinux.com/index.html?installation3.html

To switch to MariaDB 10.0
$ /usr/share/lve/dbgovernor/db-select-mysql --mysql-version=mariadb100
$ /usr/share/lve/dbgovernor/mysqlgovernor.py --install-beta

To enable request logging before restrict, change file:
/etc/container/mysql-governor.xml
set <logqueries use="before"></logqueries>
and restart governor

Beta: alt-php update

New update for alt-php is available from our beta repository

Changelog:
To update:
$ yum groupupdate alt-php --enablerepo=cloudlinux-updates-testing

KernelCare - update for PCS, Virtuozzo, OpenVZ, CentOS/RHEL/CloudLinux 6

New patches provide a fix for PSBM-27792 for all VZ kernels, as well as well as PSBM-28403 for 2.6.32-042stab092.1 to 2.6.32-042stab092.3 kernels. It brings all the kernels in line with the latest vzkernel-2.6.32-042stab083.4 kernel
CentOS/RHEL/CL 6 systems are patched against CVE-2014-2706.
Additionally, we are starting to display effective kernel number with a '+' at the end, to designate that the kernel was patched beyond latest stable kernel.

Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.

You can manually update the server by running:
# /usr/bin/kcarectl --update

CVEs: CVE-2014-2706

Details:
  • CVE-2014-2706 mac80211: fix AP powersave TX vs. wakeup race
    A race condition flaw was found in the way the Linux kernel's mac80211 subsystem implementation handled synchronization between TX and STA wake-up code paths. A remote attacker could use this flaw to crash the system.
  • PSBM-27792, #2644 - ve/net/netfilter/ipset: prohibit ipset from the inside CT
    fixes netfilter Denial of service vulnerability in isset netfilter module
  • PSBM-28403, #3035 sched: fix output of vestat:idle
    /proc/vz/vestat IDLE cpu usage information was not virtualized, providing information for the whole hardware node, instead of individual container

Revised: lve-stats, lve-utils, cagefs and LVE Manager updated

[corrected Aug 18/ 2014]

This is correction for the announcement from August 14th. Only lve-stats package had been released to production. The rest of the packages were released to beta repository.

To update lve-stats, please run:
$ yum update lve-stats

To update all other packages, run:
$ yum update cagefs lvemanager lve-utils --enablerepo=cloudlinux-updates-testing

Changelog:
lve-stats-0.10-31.7
  • LVESTATS-41: statsnotify-cron is set incorrectly
  • LVESTATS-47: Added json dumping; added lve destroyer; don't print anything when destroying LVE
lve-utils-1.4-18.10
  • LVEMAN-200 part2: refactor code, add handling of OSError exception
  • LU-102: improve DirectAdmin detection
  • LVEMAN-200 - LVEManager licensing screen should detect when license was updated
  • LU-105: getcontrolpaneluserspackages: do not fail when user has no package assigned on Plesk
  • LVEMAN-202: LVE Manager not showing limits on Plesk when subscription is without plan
  • LU-104: crons/kill_orphaned_php-cron: do not kill /home/interworx/bin/php processes
  • LU-103: backport of LU-99 task (encoding error in lvectl on DirectAdmin, Plesk)
  • LU-98: crons/kill_orphaned_php-cron: do not kill lsphp processes
cagefs-5.2-36.3
  • increased required version of lve-utils
  • CAG-312: /usr/sbin/cpanel-compile-suexec.sh fails to rebuild suexec
  • added --force-update-etc option to help message
  • CAG-296: do not write /etc/rsyslog.d/schroot.conf file on RPM update
  • CAG-302: cagefsctl --setup-cl-selector: specify path to native php.ini (using -c option) while executing php -qm
  • CAG-308: handle ClPwd.NoSuchUserException exception
  • CAG-310: do not change permissions of /etc/cagefs/custom.etc subdirectories and files
lvemanager-0.8-1.32.3
  • LVEMAN-205 fix: backport of LVEMAN-204 task (LVE Manager in Plesk fails if package names longer then 30 symbols)
  • LVEMAN-200 - LVEManager licensing screen should detect when license was updated
  • LVEMAN-198 - Add conflicts for PHP MySQLND modules
  • LVEMAN-197 fix: LVE Manager fails on Plesk old versions

Beta: New CL6 and Hybrid Kernel

New beta kernel kernel-2.6.32-531.17.1.lve1.2.63 is available.

Changelog:
  • rebase to vzkernel-2.6.32-042stab092.3;
  • jbd2: drop checkpoint mutex when waiting in __jbd2_log_wait_for_space();

To update:
CL6
$ yum install kernel-2.6.32-531.20.3.lve1.2.64.el6 kmod-lve-1.2-68.el6 --enablerepo=cloudlinux-updates-testing


Hybrid:
yum install kernel-2.6.32-531.20.3.lve1.2.64.el5h kmod-lve-1.2-68.el5h --enablerepo=cloudlinux-hybrid-testing

KernelCare update for CentOS/RHEL 7, CentOS/RHEL 5, and CloudLinux hybrid kernel

CentOS/RHEL 7 kernels are patched to latest 3.10.0-123.6.3 kernel.
CentOS/RHEL 5 kernel patches were updated to correctly handle systems with aacraid devices
CloudLinux 5 hybrid kernel patches were updated to correctly handle stuck khungtask threads

Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.

You can manually update the server by running:
# /usr/bin/kcarectl --update

CVEs: CVE-2014-0181, CVE-2014-2672, CVE-2014-2706, CVE-2014-4667

Details:
  • CVE-2014-0181 net: Use netlink_ns_capable to verify the permisions of netlink messages
    It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process.
  • CVE-2014-2672 ath9k: protect tid->sched check
    It was found that a remote attacker could use a race condition flaw in the ath_tx_aggr_sleep() function to crash the system by creating large network traffic on the system's Atheros 9k wireless network adapter.
  • CVE-2014-2706 mac80211: fix AP powersave TX vs. wakeup race
    A race condition flaw was found in the way the Linux kernel's mac80211 subsystem implementation handled synchronization between TX and STA wake-up code paths. A remote attacker could use this flaw to crash the system.
  • CVE-2014-4667 sctp: Fix sk_ack_backlog wrap-around problem
    The sctp_association_free function in net/sctp/associola.c in does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.

beta: mod_lsapi 0.1-58


New beta version of mod_lsapi available.

Changelog:
  • Bugfix: fix httpd crash due to NULL server-var bug
  • Added lsapi_use_default_uid, lsapi_target_perm, lsapi_user_group & lsapi_uid_gid parameters
  • Increased default values for lsapi_backend_connect_timeout and lsapi_backend_connect_tries
  • bugfix: do not rewrite lsapi.conf on easyapache --build
To update
cPanel:
$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ yum update cpanel-mod-lsapi --enablerepo=cloudlinux-updates-testing

DirectAdmin:
$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ cd /usr/local/directadmin/custombuild
$ ./build update
$ ./build apache

RPM based:
$
yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$yum update mod_lsapi --enablerepo=cloudlinux-updates-testing

More info:
http://docs.cloudlinux.com/index.html?installation_mod_lsapi.html

KernelCare Updates For RHEL/CentOS 5 and RHEL/CentOS/CL 6 and OpenVZ

RHEL/CentOS 5: New patches deliver security fixes from latest RHEL kernel 2.6.18-371.11.1.el5

Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.

You can manually update the server by running:
# /usr/bin/kcarectl --update
  • CVE-2014-2678 kernel: net: rds: dereference of a NULL device in rds_iw_laddr_check()
    A NULL pointer dereference flaw was found in the rds_iw_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system.
  • CVE-2014-4021 xen: Hypervisor heap contents leaked to guests (xsa-100)
    It was found that the Xen hypervisor implementation did not properly clean memory pages previously allocated by the hypervisor. A privileged guest user could potentially use this flaw to read data relating to other guests or the hypervisor itself.
RHEL/CentOS/CL/OpenVZ 6: New patches deliver security fixes from latest RHEL kernel 2.6.32-431.23.3.el6
  • CVE-2014-2851 kernel: net: ping: refcount issue in ping_init_sock() function
    Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.
  • CVE-2012-6647 Kernel: futex: forbid uaddr == uaddr2 in futex_wait_requeue_pi()
    A NULL pointer dereference flaw was found in the way the futex_wait_requeue_pi() function of the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to crash the system.
  • CVE-2013-7339 kernel: net: rds: dereference of a NULL device in rds_ib_laddr_check()
    The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.
  • CVE-2014-2678 kernel: net: rds: dereference of a NULL device in rds_iw_laddr_check()
    A NULL pointer dereference flaw was found in the rds_iw_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system.
  • CVE-2014-2672 kernel: ath9k: tid->sched race in ath_tx_aggr_sleep()
    Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions.

Beta: alt-php update


Updates for alt-php are availabe from our beta-testing repository

Changelog:
  • alt-php54 updated to 5.4.31 (Changelog)
  • alt-php55 updated to 5.5.15 (Changelog)
  • alt-php56 updated to 5.6.0RC2 (Changelog)
  • fixed PHP-Phalcon packages.
  • add mysqlnd support (nd_mysql, nd_mysqli, nd_pdo_mysqli, mysqlnd extensions)
  • added PHP-Phalcon for alt-php56


to update:
$ yum groupinstall alt-php --enablerepo=cloudlinux-updates-testing

KernelCare update for all versions of RHEL/CentOS/CloudLinux and OpenVZ

New patches provide a fix for CVE-2014-5077 for all supported distributions, as well as PSBM-25317 fix for vzkernel-26.32-042stab085.20 and older

Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.

You can manually update the server by running:
# /usr/bin/kcarectl --update

CVEs: CVE-2014-5077

Details:
  • CVE-2014-5077 net: SCTP: NULL pointer dereference
    Linux kernel built with the support for Stream Control Transmission Protocol (CONFIG_IP_SCTP) is vulnerable to a NULL pointer dereference flaw. It could occur when simultaneous new connections are initiated between a same pair of hosts.
    A remote user/program could use this flaw to crash the system kernel resulting in DoS.
  • PSBM-25317
    If pmtx_open() fails to get a slave inode or fails the pty_open(),
    the tty is released as part of the error cleanup. This flaw can crash the system kernel resulting in DoS.

KernelCare update for OpenVZ, PCS and CentOS/RHEL 6 kernels - PSBM-28104

OpenVZ, Virtuozzo, PCS kernels vzkernel-2.6.32-042stab092.1 and vzkernel-2.6.32-042stab092.2 as well as RHEL/CentOS 6.x kernels kernel-2.6.32-431.20.3.el6 are patched against recent bug when a container could fail to restart, remaining in the 'mounted' state (#PSBM-28104). The issue could also be triggered by an unprivileged user in any container, resulting in a memory leak and a potential DoS attack.

Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.

You can manually update the server by running:
# /usr/bin/kcarectl --update


CVEs: Not assigned yet


Details:
  • PSBM-28104 a bug when a container could fail to restart, remaining in the 'mounted' state

Another bugfix release: lve-stats 0.10-31.2


Another bugfix release 0.10-31.2 to correct error introduced in previous version where lveinfo & lvechart would ignore all parameters

Changelog:
  • bugfix: don't ignore parameters for lveinfo & lvechart

To update:
$ yum update lve-stats

beta: mod_lsapi 0.1-51


New beta version of mod_lsapi available.

Changelog:
  • Added check for php script owner
  • Added lsapi_phprc support to specify PHPRC per VirtualHost
  • Fixed 404 error in PHP files that don't exist
To update
cPanel:
$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ yum update cpanel-mod-lsapi --enablerepo=cloudlinux-updates-testing

DirectAdmin:
$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ cd /usr/local/directadmin/custombuild
$ ./build update
$ ./build apache

RPM based:
$
yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$yum update mod_lsapi --enablerepo=cloudlinux-updates-testing

More info:
http://docs.cloudlinux.com/index.html?installation_mod_lsapi.html

Minor bugfix release: lve-stats 0.10-31.1


Minor bug fix for 0.10-31.1 to prevent trim error when saving to sqlite database.

Changelog:
  • LVESTATS-38: require alt-sqlite, load it via LD_WRAPPER for lveinfo, lvechart & lvestats server
To update:
$ yum update lve-stats

KernelCare for CentOS & RHEL 7

KernelCare is now available for CentOS & RHEL 7 kernels.
Latest CentOS / RHEL kernels can be patched against privilege escalation vulnerability CVE-2014-4943. Other supported kernels were patched against it last week

CVEs: CVE-2014-4943

Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.

You can manually update the server by running:
# /usr/bin/kcarectl --update

Details:
CVE-2014-4943 kernel: net: pppol2tp: level handling in pppol2tp_[s,g]etsockopt()
A flaw in the Linux kernel allowing an unprivileged user to escalate to kernel privilege when CONFIG_PPPOL2TP is enabled.

KernelCare - new privilege escalation vulnerability CVE-2014-4943

CentOS 6, RHEL 6, CloudLinux 6 and OpenVZ kernels can now be patched against CVE-2014-4943. The patched kernels are yet to be available from the vendors. Yet, due to the nature of the issue, we wanted to release the patch as soon as possible

CVEs: CVE-2014-4943

Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.

You can manually update the server by running:
# /usr/bin/kcarectl --update

Details:
  • CVE-2014-4943 kernel: net: pppol2tp: level handling in pppol2tp_[s,g]etsockopt()
    A flaw in the Linux kernel allowing an unprivileged user to escalate to kernel privilege when CONFIG_PPPOL2TP is enabled.

Updates to CageFS, LVE Manager & LVE Stats


New versions of CageFS, LVE Manager & LVE Stats were moved to production channels.

Changelog was corrected on Thu, July 17th at 9:00pm EST

Changelog:
lve-stats 0.10-31
  • LVESTATS-33: bugfix for lveinfo --dbgov --from --to any options located after --to are ignored
  • LVESTATS-34: SQLite database is locked
  • LVESTATS-32: bugfix for dbgovchart with --period parameter
  • LVESTATS-19: error while reading lve_version from database on package update
  • LVESTATS-24: Incorrect units produced by dbgovchart (KB/s instead MB/s)
  • LVESTATS-20: retrieve LVE info from REDIS like HGET "testlveid.net" "domains.com:Domain:lveid" 10000)
  • LVESTATS-30: Added check if the faulted-user is present in cPanel
  • LVESTATS-31: statsnotifer: do not print error when CPanel is not installed, just do nothing
  • LVESTATS-29: bugfix for reseller cpanel notification
  • LVESTATS-23: fix error when run /usr/bin/python /usr/sbin/statsnotifer check-users
  • Add notification Admin/Resellers/Customers when LVE faults are encountered
  • json interface for lve-stats
  • LVESTATS-22: Added json interface for lve-stats
  • LVESTATS-21: Added notification Admin/Resellers/Customers when LVE faults are encountered
lve-utils 1.4-18.3
  • LU-88: lvectl package-set doesn't set --pmem parameter
  • LU-87: bugfix for lvemanager (russian symbols in package names) for ISPmanager CL5
  • LU-86: lvectl package-delete doesn't remove packages with russians symbols from /etc/container/ve.cfg on ISPmanager
  • LU-85: lvectl do not accept decimal separator for vmem value
  • LU-77: add functions to detect all admin users and user type in DirectAdmin
  • LU-83: lvect package-set can't create package with russian symbols
  • LU-82: display warning "--cpu option had been deprecated, use --speed instead" instead of error
  • LU-81: remove max value of speed from lvectl --help
  • LU-77: add functions to detect all admin users and user type in DirectAdmin
  • LU-84: ISPmanager: getcontrolpackages show packages with spaces in it
  • changed Requires: liblve >= 1.2-1.12
  • LU-80: Add creation of symlinks for Percona-Server to alt-php-mysql-reconfigure script
  • LU-79: set default limits via lve_set_default, but not via lve_setup
  • LU-78: LVEStat.py: do not change value of CPU limit because this breaks lve-stats
  • LU-76: failed to get package list in LVE manager in DirectAdmin
  • LU-75: lvectl paneluserslimits shows incorrect values for SPEED
  • LU-72: traceback on lvectl paneluserslimits on cPanel
  • LU-71: DA: getcontrolpaneluserspackages uses login in terminal name instead of user name and shows wrong package list
  • revert smart memory output in lvect package-list and paneluserlimits
  • crons/kill_orphaned_php-cron: do not kill php-fpm processes
  • bugfix for Plesk getcontrolpaneluserspackages --userid
  • lvectl package-list and panellimits must show speed instead cpu
  • add to lvectl json output format speed and cpu
  • Plesk: correctly return UID and package name in getcontrolpaneluserspackages --package
  • revert smart memory output in lvect package-list and paneluserlimits
  • Bugfix: Do not check upper speed limit in lvectl and ve.cfg; use system upper limit if user limit greater than system limit
  • crons/kill_orphaned_php-cron: do not kill php-fpm processes
  • bugfix for Plesk getcontrolpaneluserspackages --userid
  • lvectl package-list and panellimits must show speed instead cpu
  • add to lvectl json ountput format speed and cpu
  • Plesk: correctly return UID and package name in getcontrolpaneluserspackages --package
  • revert smart memory output in lvect package-list and paneluserlimits
  • Bugfix: Do not check upper speed limit in lvectl and ve.cfg; use system upper limit if user limit greater than system limit
  • LU-66: remove pkg name from output getcontrolpaneluserspackages --package on plesk
  • LU-65: fix value type in getcontrolpaneluserspackages (PLESK class)
  • LU-64: redone lvectl package-list and panellimits to show speed instead cpu
  • LU-67: add to lvectl json output format speed and cpu
  • LU-62: crons/kill_orphaned_php-cron: do not kill php-fpm processes
  • LU-68: remove speed upper limit; use system upper limit if user limit is greater than system limit
  • LU-69: revert smart memory output in package-list and paneuserlimits
  • LU-63: remove mail alerts after lveutils-panel-cron on interworx
  • Fix for mailing alerts after lveutils-panel-cron on interworx
  • lvectl: param parse bug fix
  • LU-57:add ability to use fractional number; make mhz/ghz case insensitive
  • LU-56:hide some error message when using unimplemented func
  • LU-55: fix some type func call errors, fix lvectl help message
  • remove func check_speed; use convert_func when testing speed values
  • redone DirectAdmin algorithm of finding panel packages
  • Now each admin must see packages from /usr/local/directadmin/data/users/ADMIN_NAME/package.list and /usr/local/directadmin/data/admin/package.list
  • redone lvectl to use pylve lib
  • redone lvectl to understand new lve-kmod format
  • LU-47: Add ability to specify IOPS (input output operations per second)
  • Add IOPS to lveps/lvetop
  • LVEMAN-107: fix bug License not valid script in cPanel doesn't work "sumbit" instead of submit
python-cllib 1-19
  • PTCLLIB-13: clsudo.py: add ability to process multiple users
  • PTCLLIB-12: memory_to_page func can't convert float numbers
  • PTCLLIB-11: Bugfix for lvectl list / user-list
  • PTCLLIB-10: Rounging issue page_to_memory
  • clfunc.py: added reload_processes() function
  • Add clconfpars function (for parsing simple cofig files "key=val";)
  • PTCLLIB-9: Add clconfpars (for parsing simple cofig files "key=val";)
  • PTCLLIB-8: clfunc.py: added reload_processes() function
  • clfunc.py: add more information in error message
  • clfunc.py: fix bug in memory convert func
lvemanager 0.8-1.32
  • LVEMAN-174: DirectAdmin, Plesk: list of modules for selected php version is empty for existent user
  • LVEMAN-168: cPanel fix: when switching to a native version generates an error "php version is incorrect"
  • LVEMAN-160: LVE Manager for DirectAdmin: fix security issue found by Stieven Craig
  • LVEMAN-148: DirectAdmin: add lines to /etc/sudoers for all admins
  • LVEMAN-158: ISPmanager cl5/cl6 can't use package name with quotas
  • LVEMAN-153: cl-quota: process mounts correctly
  • changed Requires: lve-stats >= 0.10-26
  • LVEMAN-154: ISPmanager plugin on CL5 (lve_ver 4) is not functional
  • LVEMAN-152: LVEManager for cPanel: fix security issues
  • LVEMAN-113: PHP-Selector custom options should be placed after system setting in alt_php.ini
  • LVEMAN-147: Use Defaults button in PHP Selector (user's cpanel) does not work properly
  • LVEMAN-149: Empty headers fields in ISPmanager in details tab
  • LVEMAN-146: history and statistics are broken in LVEManager in Plesk
  • LVEMAN-145: Plesk->lvemanager->packages speed changes incorrect
  • LVEMAN-141: Headers are not valid for ISPmanager -> Lvemanager ->Home
  • LVEMAN-142: ISP->LVEmanager->account should not contain users without lve
  • LVEMAN-134: use SPEED instead of CPU in lvemanager for Plesk
  • LVEMAN-135: use SPEED instead of CPU in lvemanager for InterWorx
  • LVEMAN-136: InterWorx ->lvemanager ->settings ->nCPU,vMem,EP,IO fields are empty
  • LVEMAN-137: use SPEED instead of CPU in lvemanager for ISPmanager
  • LVEMAN-138: use SPEED instead of CPU in lvemanager for DirectAdmin
  • LVEMAN-133: LVE manager on cpanel: CPU column is empty when using lve-utils 1.4-8
  • LVEMAN-128: parameter error --user
  • LVEMAN-130: issues with PHP Selector in Plesk (empty lists of php versions/php modules)
  • LVEMAN-117: cPanel: hide buttons for native PHP version
  • LVEMAN-131: fix for cpanel LVE Manager -> Options->Apply
  • LVEMAN-103: Added preserving comments in /etc/sysconfig/cloudlinux-notify; Add filtering check period range in backend (hours from 0 to 23; minutes from 0 to 59) for compatibility with the cron jobs
  • LVEMAN-122: Add Select PHP version icon for cPanel 11.42.0 in new theme paper_lantern
  • LVEMAN-126: set "lvectl set id --speed" instead of "lvectl set id --cpu" in lvemanager for cpanel
  • LVEMAN-125: Added validation name extensions (for selectorctl --enable-user-extensions=...)
  • LVEMAN-124: change '-' to '~' in cpanel/configs/php.conf
  • LVEMAN-111: Russian translation correction for cPanel
  • LVEMAN-121: redone cagefs checking to use cagefs own function
  • LVEMAN-118: skip dir in user home dir
  • LVEMAN-103: Added web interface for managing the notification (Home => Server Configuration => CloudLinux LVE Manager => Options)
  • Add Select PHP version icon for cPanel 11.42.0 in new theme paper_lantern
  • cl-selector, selectorctl: do not check .cagefs/.cagefs.enabled files in home directory; check /etc/cagefs/users.enabled (or users.disabled) instead
  • set "lvectl set id --speed" instead of "lvectl set id --cpu" in lvemanager for cpanel
  • selectorctl does not show error about non-existing extension
  • error_reporting value in selector php.conf file
  • Notify Admin/Customers when LVE faults are encountered (user hits one of the limits)
  • Russian language improvements
  • Removing symlinks in /etc/cl.selector/
  • LVEMAN-114: add lock in plesk and da to prevent admin enable php selector
  • Fix ISPmanager fails in LVE statistics under user
CageFS 5.2-36
  • CAG-295: add /bin/ping to proxy.commands
  • changed required versions of lve-utils and python-cllib
  • CAG-293: cagefslib.py: strip trailing slash in function is_path_in_exclusions (if needed)
  • CAG-291: configure cagefs for postgresql correctly when /etc/sysconfig/postgres does not exist
  • CAG-289: DirectAdmin CageFS User Manager under other admin accounts
  • CAG-294: DirectAdmin: add /usr/local/awstats/wwwroot/cgi-bin read-only mountpoint
  • CAG-290: PHP Selector custom options should be placed after system setting in alt_php.ini
  • CAG-274: ensure that directory /usr/share/cagefs-skeleton/usr/bin exists before copying crontab.cagefs to that directory
  • CAG-287: /usr/sbin/cagefsctl --setup-cl-selector on ISP: check if directory /usr/local/bin exists already before creating it
  • CAG-279: use full path for flock in crontab.proxyexec
  • CAG-276: cagefsctl --tmpwatch: add ability to configure paths that are to be cleaned
  • CAG-288: cagefsctl --rebuild-alt-php-ini: reload php processes
  • do not create .cagefs.enabled files; enable stat for /etc/cagefs/* directories instead (change permissions to 701)
  • LVEMAN-121: add to cagefsctl function is_cagefs_enabled()
  • CAG-275: do not create .cagefs.enabled files; enable stat for /etc/cagefs/* directories instead (change permissions to 701)
  • Additional fix 2 for CAG-272: user's status is not set after creating of the user via HTTP request
  • CAG-278: fix bug in phpinivalidator.py
  • CAG-272: User's status is not set after creating of the user via HTTP request ISP Manager
  • exclude saslauth user from CageFS
  • increased cagefs_lve_version
  • cagefsctl: check /proc/lve/list in order to detect LVE/jail support (CAG-271)
  • CAG-267:super global php.ini with default directives/values
  • CAG-240: add option --list-logged-in, that shows users logged in cagefs via ssh
  • CAG-268: Add ability to run proxy commands on remote server

To update:
$ yum update lve-stats cagefs lvemanager

Beta: mod_lsapi - supercharge your Apache PHP hosting


I had been unhappy with existing ways to serve PHP under Apache for a number of reasons:
  • RUID2 + mod_php - is a giant security hole that lets any user get a root account
  • MPM ITK - is very slow, as it kills processes after each request
  • suPHP & CGI - are both slow, as they start PHP on each request. They are also incompatible with opcode caching.
  • FastCGI - creates a lot of stability issues, hard to configure due to the way it handles processes, and doesn't use opcode caching optimally.
  • PHP FPM - needs a socket/startup per customer, not that stable with Apache and creates a mess when we tried to integrate it with PHP Selector - as now PHP selector would have to restart PHP FPM processes.

After a long period of research we figured out that what we really want is to serve PHP the way it is served by LiteSpeed web server.
Luckily - LiteSpeed Tech open sourced parts of it PHP process management & communication protocol.
So, we went to work - and did the rest. The result of our work is mod_lsapi - an Apache module to serve PHP. While your Apache will still be slower then LiteSpeed API, it will be much faster then with any other way to serve PHP.

Some of the benefits of mod_lsapi comparing to other ways to serve PHP:
  • Speed - it is faster than any other way to serve PHP with Apache
  • Stability - it doesn't suffer from stability issues in process management like PHP FPM
  • Utilizes full benefits of opcode caching
  • MPM Worker & Event compatible
  • Support for PHP directives in .htaccess files
  • Drop in replacement for existing ways to serve PHP
  • Fully compatible with PHP Selector

The software is currently in beta stage, and you can find more info on how to deploy it here:
http://docs.cloudlinux.com/index.html?apache_mod_lsapi.html

While mod_lsapi already outperforms anything available for serving PHP on Apache - there is a lot more that we plan to add to it, like:
  • PHP version per directory settings
  • Faster first page response
  • Higher density
  • Adaptive process spawning
Small FAQ:

Q: Is it available now?
A: Yes, it is available now to current CloudLinux customers

Q: Is it open source?
A: Parts of mod_lsapi are opensourced, but not everything. We closed source lsapi library that allows mod_lsapi to communicate with lsphp.

Q: Does it require PHP Selector?
A: Yes

Q: Does it require CageFS?
A: Yes

Q: Do I have to use it?
A: No, you can continue using whatever way to serve PHP you have used before

Q: Can I switch it off if I don't like it?
A: Yes

Q: Has it been used in production environment?
A: Yes, we have piloted it with a number of customers for the past two months to get rid of majority of issues.

CL6/Hybrid kernel 2.6.32-531.17.1.lve1.2.60 fixes CVE-2014-4699


New kernel 2.6.32-531.17.1.lve1.2.60 is available. It fixes local priveldge escallation vulnerability CVE-2014-4699

Changelog:
To update CL6 servers:
$ yum install kernel-2.6.32-531.17.1.lve1.2.60.el6

To update hybrid kernels:
$ yum install kernel-2.6.32-531.17.1.lve1.2.60.el5h

KernelCare customers don't need to update. This issue was patched by KernelCare on July 7th.

alt-php updated


PHP had been updated to newer versions in production channels.
Changelog:

To update:
$ yum groupupdate alt-php

KernelCare - RHEL 5 & CentOS 5 support added

Support for RHEL 5 & CentOS 5 kernels had been released. For now we support only x86_64 kernels. Xen kernels will be added soon.
List of supported kernels can be found here: http://patches.kernelcare.com/
Installation instructions: http://www.kernelcare.com/try_it/install.php
You can signup for KernelCare notifications for your kernel here: http://kernelcare.com/mailing-lists.php

Pages: Prev. | 1 | 2 | 3 | 4 | 5 | ... | 22 | Next