Blogroll: CloudLinux

I read blogs, as well as write one. The 'blogroll' on this site reproduces some posts from some of the people I enjoy reading. There are currently 83 posts from the blog 'CloudLinux.'

Disclaimer: Reproducing an article here need not necessarily imply agreement or endorsement!

Subscribe to CloudLinux feed
All blog entries from https://www.cloudlinux.com/
Updated: 1 hour 1 min ago

MariaDB for MySQL Governor updated

Thu, 25/05/2017 - 16:05

The new updated MariaDB packages for MySQL Governor are available for download from our production repository.

Changelog:

cl-MariaDB101-10.1.22-2

cl-MariaDB100-10.0.30-4

cl-MariaDB55-5.5.54-5

  • added jemalloc support.

To update run:

# yum update cl-MariaDB-meta-client cl-MariaDB-meta cl-MariaDB-meta cl-MariaDB* # restart mysql # restart governor-mysql

To install on a new server:

# yum install governor-mysql # /usr/share/lve/dbgovernor/db-select-mysql --mysql-version=[mariadb version] # /usr/share/lve/dbgovernor/mysqlgovernor.py --install
Categories: Technology

Beta: Imunify360 2.2-12 released

Thu, 25/05/2017 - 08:21

We are pleased to announce that the new updated beta Imunify360 version 2.2-12 is now available. This latest version embodies further improvements of the product as well as the new features. Imunify360 has also become more reliable and stable due to the bug fixes described below.

Should you encounter any problems with the product or have any questions, comments or suggestions, please contact our support team at helpdesk.cloudlinux.com: Imunify360 department. We’d be more than happy to help you.

Fixes

  • DEF-1988: fixed ModSecurity audit log parser;
  • DEF-1930: log rotation for captcha log;
  • DEF-1999: panel specific way to count users;
  • DEF-1616: fixed Reputation Management socket error;
  • DEF-1919: added modsec2.imunify.conf to the doctor;
  • fixed path attribute for on-demand scans.

To instal new beta Imunify360 version 2.2-12 please follow the instructions in the documentation.

The upgrading is available since 2.0-19 version.

To upgrade Imunify360 run the command:

yum clean all --enablerepo=imunify360-testing yum update imunify360-firewall --enablerepo=imunify360-testing

More information on Imunify360 can be found here.

Categories: Technology

Imunify360 2.1-12 hotfix release

Wed, 24/05/2017 - 22:16

We are pleased to announce that the new updated Imunify360 version 2.1-12 is now available. This latest version embodies further improvements of the product as well as the new features. Imunify360 also has become more reliable and stable due to the bug fixes described below.

Should you encounter any problems with the product or have any questions, comments or suggestions, please contact our support team at helpdesk.cloudlinux.com: Imunify360 department. We’d be more than happy to help you.

Fixes

  • DEF-1919: added modsec2.imunify.conf to the doctor;
  • DEF-1999: panel specific way to count users.

To instal new Imunify360 version 2.1-12 please follow the instructions inthe documentation.

To upgrade Imunify360 run the command:

yum update imunify360-firewall

More information on Imunify360 can be found here.

Categories: Technology

CloudLinux 7 kernel updated

Wed, 24/05/2017 - 17:06

The new updated CloudLinux 7 kernel version 3.10.0-614.10.2.lve1.4.50 is available for download from our production repository.

Changelog since kernel-3.10.0-427.36.1.lve1.4.47:

  • improved fix for CVE-2017-7895;
  • rebased kernel to OpevVZ rh7-3.10.0-514.10.2.vz7.29.2;
  • fixed a deadlock with hpc backup solution;
  • CLKRN-92: megaraid driver panic fixes;
  • CLKRN-94: improved symlink attack protection by checking nested symlinks;
  • CLKRN-95: reduced high-order allocation impact in filesystem mount code;
  • CLKRN-97: fixed kernel panic on netlink_lookup;
  • CLKRN-104: fixed crashes around rhashtable as part of rebase;
  • CLKRN-105, CLKRN-115: fixed NULL pointer dereferencing in task scheduler;
  • CLKRN-106: avoiding kernel crash when setting vm.vfs_cache_min_ratio to zero in runtime;
  • CLKRN-117: avoiding running out of container ID's;
  • KMODLVE-66: fixed panic while waiting for LVE to be initialized.

To install new kernel please run the following command:

CloudLinux 7:

yum clean all --enablerepo=* && yum install kernel-3.10.0-614.10.2.lve1.4.50.el7 kmod-lve-1.4-50.el7

CloudLinux 6 Hybrid:

yum clean all --enablerepo=* && yum install kernel-3.10.0-614.10.2.lve1.4.50.el6h kmod-lve-1.4-50.el6h
Categories: Technology

Beta: LVE-Stats 2 updated

Wed, 24/05/2017 - 10:00

The new updated LVE-Stats 2 with the number of bugfixes and increased stability is available for download from our updates-testing repository.

lve-stats-2.6-9

Release notes:

Fixed problem with sending notifications in DirectAdmin (LVES-720, LVES-730, LVES-716).
Bugs fixed, code optimized.

Changelog:

  • LVES-725: fixed lve-stats-tests for Plesk;
  • LVES-705: correctly show MySQL CPU/IO usage and limit for MySQL Governor all mode (cloudlinux-top);
  • LVES-730: improved the definition of resellers in statsnotifier;
  • LVES-718: fixed a bug when dbgovchart generated incorrect charts (labels);
  • LVES-712: optimized plugins. Iteration #2;
  • LVES-720: made correct configuration for DA for using notifier in it;
  • LVES-716: implemented different email messages for different control panels;
  • LVES-719: corrected MySQLGovernor limit dimension.

To install run:

yum install lve-stats --enablerepo=cloudlinux-updates-testing

To update run:

yum clean all --enablerepo=cloudlinux-updates-testing yum update lve-stats --enablerepo=cloudlinux-updates-testing

To downgrade:

yum downgrade lve-stats
Categories: Technology

Beta: Alt-PHP updated

Tue, 23/05/2017 - 15:51

The new updated Alt-PHP packages are available for download from our updates-testing repository.

Changelog:

alt-php55-phalcon3-3.1.2-1

alt-php56-phalcon3-3.1.2-1

alt-php70-phalcon3-3.1.2-1

alt-php71-phalcon3-3.1.2-1

  • ALTPHP-335: updated to 3.1.2.

alt-ImageMagick-6.9.4.10-2

  • add patches for CVE-2017-9098 and CVE-2017-7606.

To install run the command:

yum install alt-ImageMagick alt-php*phalcon3 --enablerepo=cloudlinux-updates-testing

 

Categories: Technology

MySQL 5.0 is no longer supported

Tue, 23/05/2017 - 15:42

We have decided to stop MySQL 5.0 and cl-MySQL50 packages with MySQL Governor support due to a very low usage of the mentioned version and packages being outdated.

These packages will not be included in the further releases of CloudLinux OS.

For those who have MySQL 5.0 and MySQL Governor installed everything will work the same as before, but no more updates or fixes will be released.

If you want to receive updates and bug-fixes we recommend to update your database to MySQL 5.1 or higher. Please use the following instruction to do so:

/etc/init.d/mysql stop cp -R /var/lib/mysql /var/lib/mysql.bkp cd ~; mysqldump -u root -p --all-databases --skip-lock-tables > alldb.sql

update MySQL packages using instructions: http://docs.cloudlinux.com/index.html?change_mysql_version.html

rm -rf /var/lib/mysql/* mysql_install_db --user=mysql

add skip-grant-tables to [mysqld] section of /etc/my.cnf

restart mysql service

mysql -u root -p < alldb.sql

remove skip-grant-tables from [mysqld] section of /etc/my.cnf

restart mysql service

Categories: Technology

Beta: CloudLinux 7 kernel updated

Tue, 23/05/2017 - 14:57

The new updated CloudLinux 7 kernel version 3.10.0-614.10.2.lve1.4.50 is available for download from our updates-testing repository.

Changelog since 3.10.0-614.10.2.lve1.4.48:

To install new kernel please run the following command:

CloudLinux 7

yum install kernel-3.10.0-614.10.2.lve1.4.50.el7 kmod-lve-1.4-50.el7 --enablerepo=cloudlinux-updates-testing

CloudLinux 6 Hybrid

yum install kernel-3.10.0-614.10.2.lve1.4.50.el6h kmod-lve-1.4-50.el6h --enablerepo=cloudlinux-updates-testing,cloudlinux-hybrid-testing
Categories: Technology

Beta: mod_lsapi updated

Tue, 23/05/2017 - 09:59

The new updated mod_lsapi packages for CloudLinux 6 and 7 as well as for Apache 2.4 (CloudLinux 6) and EasyApache 4 (CloudLinux 6 and 7) are available from our updates-testing repository.

Changelog:

mod_lsapi 1.1-11

ea-apache24-mod_lsapi 1.1-11

httpd24-mod_lsapi 1.1-11

  • MODLS-401: added dynamic tuning of lsapi_backend_children parameter;
  • MODLS-410: priority of php_value from httpd.conf lowered to PERDIR.

To update:

cPanel & RPM Based

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing $ yum update mod_lsapi --enablerepo=cloudlinux-updates-testing $ service httpd restart

DirectAdmin

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing $ cd /usr/local/directadmin/custombuild $ ./build set cloudlinux_beta yes $ ./build update $ ./build mod_lsapi

To install, follow the instructions on the link:

http://docs.cloudlinux.com/index.html?installation_mod_lsapi.html

For EasyApache 4

To update:

$ yum update liblsapi liblsapi-devel ea-apache24-mod_lsapi --enablerepo=cl-ea4-testing --enablerepo=cloudlinux-updates-testing $ service httpd restart

If you are using ea-apache24-mod_lsapi-1.1-9 or lower, then after the update all of your domains that used mod_lsapi will be switched to suPHP as default PHP handler used from MultiPHP Manager. To turn on mod_lsapi back, go to MultiPHP Manager and chose lsapi handler.



To install:

$ yum-config-manager --enable cl-ea4-testing $ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing

read http://docs.cloudlinux.com/index.html?cpanel_easyapache_4.html

$ yum-config-manager --disable cl-ea4-testing

Go to MultiPHP Manager and enable mod_lsapi on your domains through lsapi handler

To remove mod_lsapi:

Before deleting mod_lsapi, make sure to change the lsapi handler to any other from MultiPHP Manager (optional).

http24 for CloudLinux 6

For installation/update run:

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing $ yum install httpd24-mod_lsapi --enablerepo=cloudlinux-updates-testing
Categories: Technology

Released just 6 weeks ago, Imunify360 already protects over 1000 Linux Web servers

Fri, 19/05/2017 - 17:37

We are so excited to share that since Imunify360’s release less than two months ago, over a thousand of various types of licenses have been sold. The adoption of Imunify360 has far surpassed our expectations and forecasts - the diverse and all-encompassing security has made the offering very appealing to both the end users and the hosting providers.

Canadian Web Hosting, the first company that made Imunify360 publicly available to their customers, have integrated Imunify360 comprehensive security solution into their product offering to protect and secure their Linux shared servers. They have also made it available for purchase to their VPS/dedicated server customers. Matt McKinney, their Chief Strategy Officer, said that by adding Imunify360 they have given their customers a one stop shop to protect their online business easily and affordably.

If you’d like to see a live demo of Imunify360, register for the upcoming webinar "Key features of Imunify360 - a walkthrough demo with Q&A".

Categories: Technology

Beta: Apache 2.4 updated

Fri, 19/05/2017 - 16:20

httpd24-httpd for CloudLinux 6 is now updated up to the latest version and available for dowmload from our updates-testing repository.

httpd24-httpd - 2.4.25-9

Changelog:

Find details on the link: https://access.redhat.com/errata/RHSA-2017:1161

For installation:

# yum install httpd24-httpd --enablerepo=cloudlinux-updates-testing

For update:

# yum clean all --enablerepo=cloudlinux-updates-testing # yum update httpd24-httpd --enablerepo=cloudlinux-updates-testing

httpd24 does not conflict with standard httpd(2.2). To start:

# service httpd24-httpd restart # chkconfig httpd24-httpd on

Config files for httpd24 are located in the directory: /opt/rh/httpd24/root/etc/httpd/httpd.conf

Categories: Technology

HardenedPHP for EasyApache 4 updated

Wed, 17/05/2017 - 19:56

The new updated HardenedPHP for EasyApache 4 packages are available for download from our production repository.

NOTE: ea-php51 and ea-php52 has no PHP-FPM support. Please use mod_lsapi instead (http://docs.cloudlinux.com/index.html?mod_lsapi_installation.html).

ea-php51-php-5.1.6-6.cloudlinux

Changelog:

  • bug 72627: Memory Leakage In exif_process_IFD_in_TIFF (CVE-2016-7128);
  • Added check that soap.wsdl_cache_dir conforms to open_basedir (CVE-2013-1635);
  • bug 70081: SoapClient info leak / null pointer dereference via multiple type confusions (CVE-2015-8835);
  • Improve check for :memory: pseudo-filename in SQlite (CVE-2012-3365);
  • CVE-2016-10158 php: Wrong calculation in exif_convert_any_to_int function;
  • CVE-2016-10167 gd: DoS vulnerability in gdImageCreateFromGd2Ctx();
  • CVE-2016-10168 gd: Integer overflow in gd_io.c;
  • CVE-2016-4070 php: Integer overflow in php_raw_url_encode;
  • CVE-2016-7125 php: Session Data Injection Vulnerability;
  • CVE-2016-7126 php: select_colors write out-of-bounds;
  • CVE-2016-7127 php: imagegammacorrect allows arbitrary write access;
  • CVE-2016-7129 php: wddx_deserialize allows illegal memory access;
  • CVE-2016-7130 php: wddx_deserialize null dereference;
  • CVE-2016-7131 php: wddx_deserialize null dereference with invalid xml;
  • CVE-2016-7132 php: wddx_deserialize null dereference in php_wddx_pop_element;
  • CVE-2016-9933 php, gd: Stack overflow in gdImageFillToBorder on truecolor images;
  • CVE-2016-9935 php: Invalid read when wddx decodes empty boolean element;
  • CVE-2006-5465 PHP buffer overflow;
  • CVE-2006-7243 php: paths with NULL character were considered valid;
  • CVE-2007-0455 gd buffer overrun;
  • CVE-2007-1864 php libxmlrpc library overflow;
  • CVE-2007-2756 gd / php-gd ImageCreateFromPng infinite loop caused by truncated PNG;
  • CVE-2007-2872 php chunk_split integer overflow;
  • CVE-2007-3799 php cross-site cookie insertion;
  • CVE-2007-3996 php multiple integer overflows in gd;
  • CVE-2007-3998 php floating point exception inside wordwrap;
  • CVE-2007-4658 php money_format format string issue;
  • CVE-2007-4670 php malformed cookie handling;
  • CVE-2007-4782 php crash in glob() and fnmatch() functions;
  • CVE-2007-5898 php htmlentities/htmlspecialchars multibyte sequences;
  • CVE-2007-5899 php session ID leakage;
  • CVE-2008-2051 PHP multibyte shell escape flaw;
  • CVE-2008-3658 php: buffer overflow in the imageloadfont function in gd extension;
  • CVE-2008-3659 php: buffer overflow in memnstr;
  • CVE-2008-3660 php: FastCGI module DoS via multiple dots preceding the extension;
  • CVE-2008-5498 php: libgd imagerotate() array index error memory disclosure;
  • CVE-2008-5557 php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution);
  • CVE-2008-5624 php: missing initialization of BG(page_uid) and BG(page_gid);
  • CVE-2008-5625 php: incorrect php_value order for Apache configuration;
  • CVE-2008-5814 php: XSS via PHP error messages;
  • CVE-2008-7068 php: dba_replace() file corruption vulnerability;
  • CVE-2009-2687 php: exif_read_data crash on corrupted JPEG files;
  • CVE-2009-3291 php: openssl extension: Incorrect verification of SSL certificate with NUL in name;
  • CVE-2009-3292 php: exif extension: Multiple missing sanity checks in EXIF file processing;
  • CVE-2009-3546 gd: insufficient input validation in _gdGetColors();
  • CVE-2009-4017 PHP: resource exhaustion attack via upload requests with lots of files;
  • CVE-2009-4142 php: htmlspecialchars() insufficient checking of input for multi-byte encodings;
  • CVE-2010-0397 php: NULL pointer dereference in XML-RPC extension;
  • CVE-2010-1128 php: LCG entropy weakness;
  • CVE-2010-1129 CVE-2010-1130 php: safe_mode / open_basedir security fixes in 5.2.13/5.3.2;
  • CVE-2010-1861 php: shm_put_var interruption vulnerability (MOPS-2010-009);
  • CVE-2010-1868 php: sqlite: use of uninitialized memory triggered by empty SQL query (MOPS-2010-012, MOPS-2010-013);
  • CVE-2010-1917 php: fnmatch long pattern stack memory exhaustion (MOPS-2010-021);
  • CVE-2010-2191 php: multiple interruption vulnerabilities (MOPS-2010-0[49,50,51,52,53,54,55]);
  • CVE-2010-2531 php: information leak vulnerability in var_export();
  • CVE-2010-3065 php: session serializer session data injection vulnerability (MOPS-2010-060);
  • CVE-2010-3870 php: XSS mitigation bypass via utf8_decode();
  • CVE-2011-0708 php: buffer over-read in Exif extension;
  • CVE-2011-1092 php: integer overflow in shmop_read();
  • CVE-2011-1148 php: use-after-free vulnerability in substr_replace();
  • CVE-2011-1466 php: Crash by converting serial day numbers (SDN) into Julian calendar;
  • CVE-2011-1469 php: DoS when using HTTP proxy with the FTP wrapper;
  • CVE-2011-1938 php: stack-based buffer overflow in socket_connect();
  • CVE-2011-2202 php: file path injection vulnerability in RFC1867 file upload filename;
  • CVE-2011-4566 php: integer overflow in exif_process_IFD_TAG() may lead to DoS or arbitrary memory disclosure;
  • CVE-2011-4885 php: hash table collisions CPU usage DoS (oCERT-2011-003);
  • CVE-2012-0830 php: remote code exec flaw introduced in the CVE-2011-4885 hashdos fix;
  • CVE-2012-1172 php: $_FILES array indexes corruption;
  • CVE-2012-1823 php: command line arguments injection when run in CGI mode (VU#520827);
  • CVE-2012-2336 php: incomplete CVE-2012-1823 fix - missing filtering of -T and -h;
  • CVE-2012-2688 php: Integer Signedness issues in _php_stream_scandir;
  • CVE-2012-3365 php: open_basedir bypass via SQLite functionality;
  • CVE-2013-1635 php, php53: Arbitrary locations file write due absent validation of soap.wsdl_cache_dir configuration directive value;
  • CVE-2013-6420 php: memory corruption in openssl_x509_parse();
  • CVE-2014-2497 gd: NULL pointer dereference in gdImageCreateFromXpm();
  • CVE-2014-3597 php: multiple buffer over-reads in php_parserr;
  • CVE-2014-3669 php: integer overflow in unserialize();
  • CVE-2014-3670 php: heap corruption issue in exif_thumbnail();
  • CVE-2014-8626 php: xmlrpc ISO8601 date format parsing buffer overflow;
  • CVE-2014-9425 php: Double-free in zend_ts_hash_graceful_destroy();
  • CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c;
  • CVE-2015-0235 glibc: __nss_hostname_digits_dots() heap-based buffer overflow;
  • CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name;
  • CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re;
  • CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4;
  • CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions;
  • CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions;
  • CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing;
  • CVE-2015-4024 php: multipart/form-data request parsing CPU usage DoS;
  • CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+;
  • CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character;
  • CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize();
  • CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize();
  • CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions;
  • CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods;
  • CVE-2015-4602 php: Incomplete Class unserialization type confusion;
  • CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize;
  • CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize;
  • CVE-2015-6835 php: use-after-free vulnerability in session deserializer;
  • CVE-2015-6836 php: SOAP serialize_function_call() type confusion;
  • CVE-2015-6837 CVE-2015-6838 php: NULL pointer dereference in XSLTProcessor class;
  • CVE-2015-8835 php: type confusion issue in Soap Client call() method;
  • CVE-2016-10161 php: Out-of-bounds heap read on unserialize in finish_nested_data();
  • CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd;
  • CVE-2016-5094 php: Integer overflow in php_html_entities();
  • CVE-2016-5399 php: Improper error handling in bzread();
  • CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow;
  • CVE-2016-5772 php: Double Free Corruption in wddx_deserialize;
  • CVE-2016-6288 php: Buffer over-read in php_url_parse_ex;
  • CVE-2016-6289 php: Integer overflow leads to buffer overflow in virtual_file_ex;
  • CVE-2016-6290 php: Use after free in unserialize() with Unexpected Session Deserialization;
  • CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c;
  • CVE-2016-7128 php: Memory Leakage In exif_process_IFD_in_TIFF;
  • CVE-2016-7418 php: Null pointer dereference in php_wddx_push_element;
  • bug 37368: Incorrect timestamp returned for strtotime();
  • bug 37514: strtotime doesn't assume year correctly;
  • bug 37850: Reference counting bug in SoapClient::__setSoapHeaders();
  • bug 38534: segmentation fault;
  • bug 40109: iptcembed fails on non-jfif jpegs;
  • bug 40467: Partial SOAP request sent when XSD sequence or choice include minOccurs=0;
  • bug 41004: minOccurs="0" and null class member variable;
  • bug 45706: Serializing of ArrayIterator extended Objects;
  • bug 47245: crash following mb_detect_encoding;
  • bug 65481: Shutdown segfault due to serialize;
  • bug 70661: Use After Free Vulnerability in WDDX Packet Deserialization;
  • bug 70728: Type Confusion Vulnerability in PHP_to_XMLRPC_worker();
  • bug 70741: Session WDDX Packet Deserialization Type Confusion Vulnerability;
  • bug 71039: exec functions ignore length but look for NULL termination;
  • bug 71459: Integer overflow in iptcembed();
  • bug 71587: Use-After-Free / Double-Free in WDDX Deserialize;
  • bug 72482: Illegal write/read access caused by gdImageAALine overflow;
  • bug 72771: ftps:// wrapper is vulnerable to protocol downgrade attack;
  • bug 72807: integer overflow in curl_escape caused heap corruption;
  • bug 72836: integer overflow in base64_decode caused heap corruption;
  • bug 72837: integer overflow in bzdecompress caused heap corruption;
  • bug 72849: integer overflow in urlencode caused heap corruption;
  • bug 72850: integer overflow in php_uuencode caused heap corruption;
  • bug 73017: memory corruption in wordwrap function;
  • bug 73073: CachingIterator null dereference when convert to string;
  • bug 73082: string length overflow in mb_encode_* function;
  • bug 73150: missing NULL check in dom_document_save_html;
  • bug 73208: integer overflow in imap_8bit caused heap corruption;
  • bug 73418: Integer Overflow in "_php_imap_mail" leads Heap Overflow;
  • bug 73452: Segfault (Regression for #69152);
  • EA-5807: enable php-tidy on rhel 6 and above;
  • EA-5946: force requirement of ea-libtidy instead of .so from BuildRequires ea-libtidy-devel;
  • Disabled automatic Requires generation for curl subpackage;
  • ALTPHP-306: LSPHP: Return response code and response status line in cgi/fcgi manner;
  • use ea-libcurl 7.53.1 instead of system curl package.

ea-php52-php-5.2.17-10.cloudlinux

Changelog:

  • bug 72627: Memory Leakage In exif_process_IFD_in_TIFF (CVE-2016-7128);
  • bug 70350: ZipArchive::extractTo allows for directory traversal when creating directories (CVE-2014-9767);
  • Disabled external entities loading (CVE-2013-1643, CVE-2013-1824);
  • Added check that soap.wsdl_cache_dir conforms to open_basedir (CVE-2013-1635);
  • bug 70081: SoapClient info leak / null pointer dereference via multiple type confusions (CVE-2015-8835);
  • Improve check for :memory: pseudo-filename in SQlite (CVE-2012-3365);
  • bug 73764: Crash while loading hostile phar archive (CVE-2016-10159);
  • bug 73768: Memory corruption when loading hostile phar (CVE-2016-10160);
  • bug 73825: Heap out of bounds read on unserialize in finish_nested_data() (CVE-2016-10161);
  • bug 68447: grapheme_extract take an extra trailing character;
  • bug 73737: FPE when parsing a tag format (CVE-2016-10158);
  • bug 73773: Seg fault when loading hostile phar;
  • bug 73868: Fix DOS vulnerability in gdImageCreateFromGd2Ctx();
  • bug 73869: Signed Integer Overflow gd_io.c;
  • CVE-2010-1861 php: shm_put_var interruption vulnerability (MOPS-2010-009);
  • CVE-2010-2191 php: multiple interruption vulnerabilities (MOPS-2010-0[49,50,51,52,53,54,55])
  • CVE-2011-0421 php/libzip: segfault with FL_UNCHANGED on empty archive in zip_name_locate();
  • CVE-2011-0708 php: buffer over-read in Exif extension;
  • CVE-2011-1092 php: integer overflow in shmop_read();
  • CVE-2011-1148 php: use-after-free vulnerability in substr_replace();
  • CVE-2011-1938 php: stack-based buffer overflow in socket_connect();
  • CVE-2011-2202 php: file path injection vulnerability in RFC1867 file upload filename;
  • CVE-2011-4566 php: integer overflow in exif_process_IFD_TAG() may lead to DoS or arbitrary memory disclosure;
  • CVE-2012-0830 php: remote code exec flaw introduced in the CVE-2011-4885 hashdos fix;
  • CVE-2012-1172 php: $_FILES array indexes corruption;
  • CVE-2012-1823 php: command line arguments injection when run in CGI mode (VU#520827);
  • CVE-2012-2311 php: incomplete CVE-2012-1823 fix - incorrect check for =;
  • CVE-2012-2336 php: incomplete CVE-2012-1823 fix - missing filtering of -T and -h;
  • CVE-2012-2386 php: Integer overflow leading to heap-buffer overflow in the Phar extension;
  • CVE-2013-4248 php: hostname check bypassing vulnerability in SSL client;
  • CVE-2013-6420 php: memory corruption in openssl_x509_parse();
  • CVE-2014-3597 php: multiple buffer over-reads in php_parserr;
  • CVE-2014-3668 php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime();
  • CVE-2014-3669 php: integer overflow in unserialize();
  • CVE-2014-3670 php: heap corruption issue in exif_thumbnail();
  • CVE-2014-4049 php: heap-based buffer overflow in DNS TXT record parsing;
  • CVE-2014-5120 php: gd extension NUL byte injection in file names;
  • CVE-2014-9425 php: Double-free in zend_ts_hash_graceful_destroy();
  • CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict();
  • CVE-2015-0235 glibc: __nss_hostname_digits_dots() heap-based buffer overflow;
  • CVE-2015-2301 php: use after free in phar_object.c;
  • CVE-2015-2326 pcre: heap buffer over-read in pcre_compile2() (8.37/23);
  • CVE-2015-2331 libzip: integer overflow when processing ZIP archives;
  • CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name;
  • CVE-2015-2783 php: buffer over-read in Phar metadata parsing;
  • CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re;
  • CVE-2015-3329 php: buffer overflow in phar_set_inode();
  • CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4;
  • CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions;
  • CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions;
  • CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name;
  • CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing;
  • CVE-2015-4024 php: multipart/form-data request parsing CPU usage DoS;
  • CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+;
  • CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character;
  • CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize();
  • CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize();
  • CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions;
  • CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods;
  • CVE-2015-4602 php: Incomplete Class unserialization type confusion;
  • CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize;
  • CVE-2015-5590 php: buffer overflow and stack smashing error in phar_fix_filepath;
  • CVE-2015-6833 php: Files from archive can be extracted outside of destination directory using phar;
  • CVE-2015-6835 php: use-after-free vulnerability in session deserializer;
  • CVE-2015-6836 php: SOAP serialize_function_call() type confusion;
  • CVE-2015-6837 CVE-2015-6838 php: NULL pointer dereference in XSLTProcessor class;
  • CVE-2015-8879 php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns;
  • CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd;
  • CVE-2016-4343 php: Uninitialized pointer in phar_make_dirstream();
  • CVE-2016-4537 CVE-2016-4538 php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition;
  • CVE-2016-4540 CVE-2016-4541 php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used;
  • CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input;
  • CVE-2016-5093 php: improper nul termination leading to out-of-bounds read in get_icu_value_internal;
  • CVE-2016-5094 php: Integer overflow in php_html_entities();
  • CVE-2016-5399 php: Improper error handling in bzread();
  • CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow;
  • CVE-2016-5772 php: Double Free Corruption in wddx_deserialize;
  • CVE-2016-6288 php: Buffer over-read in php_url_parse_ex;
  • CVE-2016-6289 php: Integer overflow leads to buffer overflow in virtual_file_ex;
  • CVE-2016-6290 php: Use after free in unserialize() with Unexpected Session Deserialization;
  • CVE-2016-6291 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE;
  • CVE-2016-6294 php: Out-of-bounds access in locale_accept_from_http;
  • CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c;
  • CVE-2016-6297 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener;
  • CVE-2016-7413 php: Use after free in wddx_deserialize;
  • CVE-2016-7414 php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile;
  • CVE-2016-7416 php: Stack based buffer overflow in msgfmt_format_message;
  • CVE-2016-7418 php: Null pointer dereference in php_wddx_push_element;
  • CVE-2016-8670 gd, php: Stack based buffer overflow in dynamicGetbuf;
  • EA-5807: enable php-tidy on rhel 6 and above;
  • EA-5946: force requirement of ea-libtidy instead of .so from BuildRequires ea-libtidy-devel;
  • Disabled automatic Requires generation for curl subpackage;
  • ALTPHP-306: LSPHP: Return response code and response status line in cgi/fcgi manner;
  • use ea-libcurl 7.53.1 instead of system curl package.

For installation:

yum clean all yum update ea-profiles-cpanel

Install one of the profiles (allphp_cl, allphp_cl_lsapi, allphp-opcache_cl, allphp-opcache_cl) via the web interface or via the command line tool.

Categories: Technology

mod_lsapi updated

Wed, 17/05/2017 - 19:00

The new updated mod_lsapi packages for CloudLinux 6 and 7 as well as for Apache 2.4 (CloudLinux 6) and EasyApache 4 (CloudLinux 6 and 7) are available from our production repository.

mod_lsapi 1.0-30

ea-apache24-mod_lsapi 1.0-30

httpd24-mod_lsapi 1.0-30

Changelog:

  • MODLS-399: fetching litespeed sources over https;
  • MODLS-408: added PHP44, PHP51, PHP52, PHP71 handler;
  • MODLS-397: fixed lsapi_engine Off in .htaccess after enable/disable single domain;
  • MODLS-411: fixed dereferencing NULL pointer in lsapi_log;
  • MODLS-402: fixed Hotlink protection.

To update:

cPanel & RPM Based

$ yum clean all $ yum update liblsapi liblsapi-devel $ yum update mod_lsapi $ service httpd restart

DirectAdmin

$ yum clean all $ yum update liblsapi liblsapi-devel $ cd /usr/local/directadmin/custombuild $ ./build update $ ./build mod_lsapi

To install, follow the instructions on the link:

http://docs.cloudlinux.com/index.html?installation_mod_lsapi.html

For EasyApache 4

To update:

$ yum clean all $ yum update liblsapi liblsapi-devel $ yum update ea-apache24-mod_lsapi $ service httpd restart

To install:

$ yum clean all $ yum update liblsapi liblsapi-devel

readhttp://docs.cloudlinux.com/index.html?cpanel_easyapache_4.html

http24 for CloudLinux 6

To update:

$ yum clean all $ yum update liblsapi liblsapi-devel $ yum update httpd24-mod_lsapi

To install:

$ yum install liblsapi liblsapi-devel $ yum install httpd24-mod_lsapi
Categories: Technology

New Webinar: Key Features of Imunify360 - a Walkthrough Demo with Q&amp;A

Wed, 17/05/2017 - 18:10

Join us on Wednesday, May 24th, at 12 pm EDT for a live Imunify360 DEMO to discover all features!

Join our CEO Igor Seletskiy for a comprehensive, live demo of Imunify360. Learn how this all-in-one, automated security solution protects Linux web servers against various types of attacks.

The session will explore:

  • the multi-layer security perfect for VPS & shared servers
  • the hands-off, easy to use UI
  • feature configurations and default values 

As always, a Q&A session will follow the presentation.

The webinar will take place on Wednesday, May 24th at 12 pm EDT / 9 am PDT, and you can register for it here.

(If you can’t attend, register anyway and we’ll send you the recording after the event.)

We hope you can join us. 

Categories: Technology

New Webinar: Key Features of Imunify360 - a Walkthrough Demo with Q&amp;A

Wed, 17/05/2017 - 18:10

Join us on Wednesday, May 24th, at 9 am EDT for a live Imunify360 DEMO to discover all features!

Join our CEO Igor Seletskiy for a comprehensive, live demo of Imunify360. Learn how this all-in-one, automated security solution protects Linux web servers against various types of attacks.

The session will explore:

  • the multi-layer security perfect for VPS & shared servers
  • the hands-off, easy to use UI
  • feature configurations and default values 

As always, a Q&A session will follow the presentation.

The webinar will take place on Wednesday, May 24th at 12 pm EST / 9 am PST, and you can register for it here.

(If you can’t attend, register anyway and we’ll send you the recording after the event.)

We hope you can join us. 

Categories: Technology

PHP for EasyApache 4 updated

Tue, 16/05/2017 - 16:24

The new updated ea-php packages are available for download from our production repository.

Changelog:

ea-php70-7.0.19-1.cloudlinux

  • (core) 74188: Null coalescing operator fails for undeclared static class properties;
  • (core) 74408: Endless loop bypassing execution time limit;
  • (core) 74410: stream_select() is broken on Windows Nanoserver;
  • (core) 74337: php-cgi.exe crash on facebook callback;
  • (core) 74216: was reverted;
  • (date) 74404: Wrong reflection on DateTimeZone::getTransitions;
  • (date) 74080: add constant for RFC7231 format datetime;
  • (dom) 74416: Wrong reflection on DOMNode::cloneNode;
  • (fileinfo) 74379: syntax error compile error in libmagic/apprentice.c;
  • (gd) 74343: compile fails on solaris 11 with system gd2 library;
  • (intl) 74433: wrong reflection for Normalizer methods;
  • (intl) 74439: wrong reflection for Locale methods;
  • (mysqli) 74432: mysqli_connect adding ":3306" to $host if $port parameter not given;
  • (mysqlnd): Added support for MySQL 8.0 types;
  • (mysqlnd) 74376: Invalid free of persistent results on error/connection loss;
  • (openssl) 73833: null character not allowed in openssl_pkey_get_private;
  • (openssl) 73711: Segfault in openssl_pkey_new when generating DSA or DH key;
  • (openssl) 74341: openssl_x509_parse fails to parse ASN.1 UTCTime without seconds;
  • (openssl): Added OpenSSL 1.1.0 support;
  • (phar) 74383: phar method parameters reflection correction;
  • (standard) 74409: Reflection information for ini_get_all() is incomplete;
  • (standard) 72071: setcookie allows max-age to be negative;
  • (streams) 74429: Remote socket URI with unique persistence identifier broken;
  • (sqlite3) 74413: incorrect reflection for SQLite3::enableExceptions;
  • EA-6063: Add ea-php70 binary symlinks to /usr/bin and /usr/local/bin.

ea-php71-7.1.5-1.cloudlinux

  • (core) 74408: Endless loop bypassing execution time limit;
  • (core) 74353: Segfault when killing within bash script trap code;
  • (core) 74340: Magic function __get has different behavior in php 7.1.x;
  • (core) 74188: Null coalescing operator fails for undeclared static class properties;
  • (core) 74444: multiple catch freezes in some cases;
  • (core) 74410: stream_select() is broken on Windows Nanoserver;
  • (core) 74337: php-cgi.exe crash on facebook callback;
  • (date) 74404: Wrong reflection on DateTimeZone::getTransitions;
  • (date) 74080: add constant for RFC7231 format datetime;
  • (dom) 74416: Wrong reflection on DOMNode::cloneNode;
  • (fileinfo) 74379: syntax error compile error in libmagic/apprentice.c;
  • (gd) 74343: compile fails on solaris 11 with system gd2 library;
  • (mysqlnd) 74376: Invalid free of persistent results on error/connection loss;
  • (intl) 65683: Intl does not support DateTimeImmutable;
  • (intl) 74298: IntlDateFormatter->format() doesn't return microseconds/fractions;
  • (intl) 74433: wrong reflection for Normalizer methods;
  • (intl) 74439: wrong reflection for Locale methods;
  • (opcache) 74456: Segmentation error while running a script in CLI mode;
  • (opcache) 74431: foreach infinite loop;
  • (opcache) 74442: Opcached version produces a nested array;
  • (openssl) 73833: null character not allowed in openssl_pkey_get_private;
  • (openssl) 73711: Segfault in openssl_pkey_new when generating DSA or DH key;
  • (openssl) 74341: openssl_x509_parse fails to parse ASN.1 UTCTime without seconds;
  • (phar) 74383: phar method parameters reflection correction;
  • (readline) 74489: readline() immediately returns false in interactive console mode;
  • (standard) 72071: setcookie allows max-age to be negative;
  • (standard) 74361: Compaction in array_rand() violates COW;
  • (streams) 74429: Remote socket URI with unique persistence identifier broken;
  • EA-6063: added ea-php71 binary symlinks to /usr/bin and /usr/local/bin.

To update run:

yum upgrade ea-php{70,71}*
Categories: Technology

Beta: Alt-PHP with HTTP/2 support released

Tue, 16/05/2017 - 15:00

The new updated Alt-PHP packages with HTTP/2 support are available for download from our updates-testing repository.

Changelog:

alt-php44-4.4.9-62

alt-php51-5.1.6-72

alt-php52-5.2.17-98

alt-php53-5.3.29-48

alt-php54-5.4.45-32

alt-php55-5.5.38-14

alt-php56-5.6.30-5

alt-php70-7.0.19-2

alt-php71-7.1.5-2

  • using alt-openssl instead of system OpenSSL;
  • implemented HTTP/2 support (via cURL).

alt-curlssl-7.54.0-3.cloudlinux

  • updated to 7.54.0;
  • build against alt-openssl.

alt-openssl-1.0.2k-2.cloudlinux.5

  • updated to 1.0.2k.

To update run the command:

yum groupinstall alt-php --enablerepo=cloudlinux-updates-testing 

How to check if HTTP/2 is supported:

  • Check HTTP/2 feature in phpinfo() at cURL section. It should equal "Yes".
  • run check script:

<?php

if (!defined('CURL_HTTP_VERSION_2_0')) {

    define('CURL_HTTP_VERSION_2_0', 3);

}

$version = curl_version();

if ($version["features"] & constant(CURL_VERSION_HTTP2) !== 0) {

    $url = "https://google.com/";

    $ch = curl_init();

    curl_setopt($ch,CURLOPT_URL,$url);

    curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);

    curl_setopt($ch,CURLOPT_HEADER,1);

    curl_setopt($ch,CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_2_0);

    curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,false);

    $response = curl_exec($ch);

    if ($response !== false && strpos($response, "HTTP/2") === 0) {

        echo "HTTP/2 support!";

    } elseif ($response !== false) {

        echo "No HTTP/2 support on server.";

    } else {

        echo curl_error($ch);

    }

    curl_close($ch);

} else {

    echo "No HTTP/2 support on client.";

}

echo "\n";

?>

Categories: Technology

MariaDB for MySQL Governor updated

Tue, 16/05/2017 - 14:29

The new updated MariaDB packages for MySQL Governor are available for download from our production repository.

MariaDB 5.5.54-2.1

MariaDB 10.0.30-1.1

ChangeLog:

  • MYSQLG-180: removed MySQL and MariaDB symlinks to init.d/mysql.

To update run:

# yum clean all # yum update cl-MariaDB*

For installation on new server run:

# yum install governor-mysql # /usr/share/lve/dbgovernor/db-select-mysql --mysql-version=MariaDB_version # /usr/share/lve/dbgovernor/mysqlgovernor.py --install
Categories: Technology

Beta: Imunify360 2.2-8 released

Tue, 16/05/2017 - 11:02

We are pleased to announce that the new updated beta Imunify360 version 2.2-8 is now available. The latest version embodies further improvements of the product as well as the new features. Imunify360 also has become more reliable and stable due to the bug fixes described below.

Should you encounter any problems with the product or have any questions, comments or suggestions, please contact our support team at helpdesk.cloudlinux.com: Imunify360 department. We’d be more than happy to help you.

Imunify360 2.2-8

Changelog:

  • DEF-1869: fixed psutil.NoSuchProcess error in cxs module;
  • DEF-1837: aggregating/optimization pure-ftpd scans;
  • DEF-1766: handling situation when Kernel unsupported in KernelCare tab;
  • DEF-1783: no flag for Åland;
  • DEF-1866: fixed default model description when update model fails;
  • DEF-1250: anomality_score must be used for SensorIncidentList DEF-1776 Parse ModSecurity version and vendor;
  • DEF-1865: installing COMODO alongside with CXS ModSec vendor;
  • DEF-1774: ignoring Comodo rules that cause false positive on WordPress upload;
  • DEF-1843: added bzip2 dependency into the spec file;
  • DEF-1846: fixed Invalid cross-device link;
  • DEF-1843: fixed keeping of temporary files on urlretrieve errors;
  • DEF-1863: fixed unexpected argument in ml_update_model;
  • DEF-1851: decreased level for ossec rule 11307 (pureftpd connections);
  • DEF-1843: added migration to delete old files from the temporary directory;
  • DEF-1864: fixed correct set TTL for alerts;
  • DEF-1794: set EOF for payload, payload is not used anyway in captcha;
  • DEF-1357: improved error handling for predict model init.

To instal new beta Imunify360 version 2.2-8 please follow the instructions inthe documentation.

The upgrading is available since 2.0-19 version.

To upgrade Imunify360 run the command:

yum clean all --enablerepo=imunify360-testing yum update imunify360-firewall --enablerepo=imunify360-testing

More information on Imunify360 can be found here.

Categories: Technology

Alt-PHP updated

Tue, 16/05/2017 - 09:37

The new updated Alt-PHP packages are available for download from our production repository.

Changelog:

alt-php70-7.0.19-1

  • (core) 74188: Null coalescing operator fails for undeclared static class properties;
  • (core) 74408: Endless loop bypassing execution time limit;
  • (core) 74410: stream_select() is broken on Windows Nanoserver;
  • (core) 74337: php-cgi.exe crash on facebook callback;
  • (core) 74216: was reverted;
  • (date) 74404: Wrong reflection on DateTimeZone::getTransitions;
  • (date) 74080: add constant for RFC7231 format datetime;
  • (dom) 74416: Wrong reflection on DOMNode::cloneNode;
  • (fileinfo) 74379: syntax error compile error in libmagic/apprentice.c;
  • (gd) 74343: compile fails on solaris 11 with system gd2 library;
  • (intl) 74433: wrong reflection for Normalizer methods;
  • (intl) 74439: wrong reflection for Locale methods;
  • (mysqli) 74432: mysqli_connect adding ":3306" to $host if $port parameter not given;
  • (mysqlnd): Added support for MySQL 8.0 types;
  • (mysqlnd) 74376: Invalid free of persistent results on error/connection loss;
  • (openssl) 73833: null character not allowed in openssl_pkey_get_private;
  • (openssl) 73711: Segfault in openssl_pkey_new when generating DSA or DH key;
  • (openssl) 74341: openssl_x509_parse fails to parse ASN.1 UTCTime without seconds;
  • (openssl): Added OpenSSL 1.1.0 support;
  • (phar) 74383: phar method parameters reflection correction;
  • (standard) 74409: Reflection information for ini_get_all() is incomplete;
  • (standard) 72071: setcookie allows max-age to be negative;
  • (streams) 74429: Remote socket URI with unique persistence identifier broken;
  • (sqlite3) 74413: incorrect reflection for SQLite3::enableExceptions.

alt-php71-7.1.5-1

  • (core) 74408: Endless loop bypassing execution time limit;
  • (core) 74353: Segfault when killing within bash script trap code;
  • (core) 74340: Magic function __get has different behavior in php 7.1.x;
  • (core) 74188: Null coalescing operator fails for undeclared static class properties;
  • (core) 74444: multiple catch freezes in some cases;
  • (core) 74410: stream_select() is broken on Windows Nanoserver;
  • (core) 74337: php-cgi.exe crash on facebook callback;
  • (date) 74404: Wrong reflection on DateTimeZone::getTransitions;
  • (date) 74080: add constant for RFC7231 format datetime;
  • (dom) 74416: Wrong reflection on DOMNode::cloneNode;
  • (fileinfo) 74379: syntax error compile error in libmagic/apprentice.c;
  • (gd) 74343: compile fails on solaris 11 with system gd2 library;
  • (mysqlnd) 74376: Invalid free of persistent results on error/connection loss;
  • (intl) 65683: Intl does not support DateTimeImmutable;
  • (intl) 74298: IntlDateFormatter->format() doesn't return microseconds/fractions;
  • (intl) 74433: wrong reflection for Normalizer methods;
  • (intl) 74439: wrong reflection for Locale methods;
  • (opcache) 74456: Segmentation error while running a script in CLI mode;
  • (opcache) 74431: foreach infinite loop;
  • (opcache) 74442: Opcached version produces a nested array;
  • (openssl) 73833: null character not allowed in openssl_pkey_get_private;
  • (openssl) 73711: Segfault in openssl_pkey_new when generating DSA or DH key;
  • (openssl) 74341: openssl_x509_parse fails to parse ASN.1 UTCTime without seconds;
  • (phar) 74383: phar method parameters reflection correction;
  • (readline) 74489: readline() immediately returns false in interactive console mode;
  • (standard) 72071: setcookie allows max-age to be negative;
  • (standard) 74361: Compaction in array_rand() violates COW;
  • (streams) 74429: Remote socket URI with unique persistence identifier broken.

To update run:

yum groupupdate alt-php
Categories: Technology

Pages

Automated Visitors