Blogroll: CloudLinux

I read blogs, as well as write one. The 'blogroll' on this site reproduces some posts from some of the people I enjoy reading. There are currently 100 posts from the blog 'CloudLinux.'

Disclaimer: Reproducing an article here need not necessarily imply agreement or endorsement!

All blog entries from https://www.cloudlinux.com/

Imunify360 2.4-12 released

3 hours 37 min ago

We are pleased to announce that the new updated beta Imunify360 version 2.4-12 is now available. This latest version embodies further improvements of the product as well as new features. Imunify360 also has become more reliable and stable due to the bug fixes described below.

Should you encounter any problems with the product or have any questions, comments or suggestions, please contact our support team at cloudlinux.zendesk.com: Imunify360 department. We’d be more than happy to help you.

Changelog:

Imunify360 2.4-12

  • DEF-2309: import CSF blocked ports into imunify360;
  • DEF-2574: ON DELETE CASCADE for hit_extras table;
  • DEF-1893: fixed trace for "imunify360-agent clean --days" with too large int;
  • DEF-2530: web scans work correctly in Plesk env;
  • DEF-2542: fixed "following configuration is already active" check when locale is not "en";
  • DEF-2156: added mail directory to inotify scanner;
  • DEF-2434: added ability to switch "Full access" for existing whitelisted IPs;
  • DEF-2489: fixed bug with full_access and move to blacklist;
  • DEF-2494: added opting out of Sentry.io Reporting;
  • DEF-2497: added support of "--full-access" keyword to "move" & "edit" commands;
  • DEF-2540: added /tmp/.vdserver to csf.ignore;
  • DEF-2550: fixed KeyError('method',) in malformed {'msg': 'server suspended: empty server id', 'success': 'false'}

To install the new beta Imunify360 version 2.4-12, please follow the instructions in the documentation.

Upgrading is available from version 2.0-19.

To upgrade Imunify360 run the command:

yum update imunify360-firewall --enablerepo=imunify360-testing

More information on Imunify360 can be found here.

Categories: Technology

"Hot summer brings new hot features" live webinar on July 25th

Thu, 20/07/2017 - 18:59

Join Igor Seletskiy, our CEO, for a comprehensive review of all new Imunify360 features. As always, the Q&A session will follow the presentation and give you the chance to learn more about the AI technology and what's coming next.

The live webinar will take place on Tuesday, July 25th at 12 pm EDT / 9 am PDT.

Register here.

If you cannot attend, register anyway and we'll send you the recording after the event.

Categories: Technology

EasyApache 4 updated

Thu, 20/07/2017 - 17:43

The new updated EasyApache 4 packages are available for download from our production repository.

Changelog:

ea-apr-1.5.2-8

  • built against ea-openssl.

ea-openssl-1.0.2k-5

  • moved from experimental to production.

ea-apache24-2.4.25-11

  • added HTTP2 support, disabled HTTP2 building on 32-bit architectures.

ea-apache24-config-1.0-106

  • EA-6159: have fallback errordoc check for existence of .shtml file.

ea-libcurl-7.53.1-3

  • added HTTP2 support.

ea-apache24-mod_bw-0.92-2

  • adjusted installation to ULC/scripts.

ea-apache24-mod_mpm_itk-2.4.7.4-2

  • EA-6232: added conflict for mod_http2.

ea-php-cli-0.2.0-4

  • EA-6333: supports MultiPHP System's non ea- SCL PHPs.

To upgrade run the command:

yum update ea-apr ea-openssl ea-apache24 ea-apache24-config ea-libcurl ea-php-cli ea-apache24-mod_bw
Categories: Technology

Imunify360 2.3-32 released

Thu, 20/07/2017 - 14:02

We are pleased to announce that the new Imunify360 2.3-32 production version is now available. The latest version embodies further improvements of the product as well as the new features. Imunify360 also has become more reliable and stable due to the bug fixes described below.

Should you encounter any problems with the product or have any questions, comments or suggestions, please contact our support team at cloudlinux.zendesk.com: Imunify360 department. We’d be more than happy to help you.

Imunify360 2.3-32

Changelog:

  • renamed "Move files to quarantine" option and changed description;
  • DEF-2178: backport - extended info for quarantined files (UI);
  • DEF-2406: fixed incorrect domains count in infected-domains.

To install new Imunify360 production version 2.3-32 please follow the instructions in the documentation.

To upgrade Imunify360 run:

yum clean all
yum update imunify360-firewall

More information on Imunify360 can be found here.

Categories: Technology

HardenedPHP updated

Thu, 20/07/2017 - 13:43

The new updated HardenedPHP packages are available for download from our production repository.

Changelog:

alt-php71-7.1.7-2

alt-php70-7.0.21-2

alt-php56-5.6.31-2

  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-php55-5.5.38-19

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug74087: Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library);
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-php54-5.4.45-37

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug70436: Use After Free Vulnerability in unserialize();
  • bug74087: Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library);
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-php53-5.3.29-53

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug70436: Use After Free Vulnerability in unserialize();
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-php52-5.2.17-103

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug70436: Use After Free Vulnerability in unserialize();
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-php51-5.1.6-77

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug70436: Use After Free Vulnerability in unserialize();
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-php44-4.4.9-67

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • bug70436: Use After Free Vulnerability in unserialize();
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-pcre-8.40-1

  • updated to 8.40.

To install run:

yum groupinstall alt-php
Categories: Technology

Beta: mod_lsapi updated

Thu, 20/07/2017 - 10:54

The new updated mod_lsapi packages for CloudLinux 6 and 7 as well as for Apache 2.4 (CloudLinux 6) and EasyApache 4 (CloudLinux 6 and 7) are available from our updates-testing repository.

mod_lsapi 1.1-15

ea-apache24-mod_lsapi 1.1-15

httpd24-mod_lsapi 1.1-15

Changelog:

  • MODLS-436: added force option to switch_mod_lsapi --setup;
  • MODLS-429: switch_mod_lsapi --build-native-lsphp is not executed randomly after upcp on EA3;
  • MODLS-433: new mechanism lsapi and web-interface of cPanel. Proposed by cPanel team.

Added a --force option (never prompt) to the /usr/bin/switch_mod_lsapi --setup utility (EasyApache 4 only).

Example:

# /usr/bin/switch_mod_lsapi --force --setup

During setup, the utility may ask you to resolve different situations, depending on how mod_lsapi was configured before; see https://docs.cloudlinux.com/mod_lsapi_installation.html for details.

Please be careful with the --force option; we don't recommend using it unless necessary. Always check your configuration after a forced mod_lsapi setup.

To update:

cPanel & RPM Based

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ yum update mod_lsapi --enablerepo=cloudlinux-updates-testing
$ service httpd restart

DirectAdmin

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ cd /usr/local/directadmin/custombuild
$ ./build set cloudlinux_beta yes
$ ./build update
$ ./build mod_lsapi

To install, follow the instructions on the link:

http://docs.cloudlinux.com/index.html?installation_mod_lsapi.html

For EasyApache 4

To update:

$ yum update liblsapi liblsapi-devel ea-apache24-mod_lsapi --enablerepo=cl-ea4-testing --enablerepo=cloudlinux-updates-testing
$ service httpd restart

If you are using ea-apache24-mod_lsapi-1.1-9 or lower, after the update all of your domains that used mod_lsapi will be switched to suphp as the default PHP handler in MultiPHP Manager. To turn mod_lsapi back on, go to MultiPHP Manager and choose the lsapi handler.

To install:

$ yum-config-manager --enable cl-ea4-testing
$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing

Read http://docs.cloudlinux.com/index.html?cpanel_easyapache_4.html

$ yum-config-manager --disable cl-ea4-testing

Go to MultiPHP Manager and enable mod_lsapi on your domains through the lsapi handler.

To remove mod_lsapi:

Before deleting mod_lsapi, make sure to change the lsapi handler to any other from MultiPHP Manager.

httpd24 for CloudLinux 6

For installation/update run:

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ yum install httpd24-mod_lsapi --enablerepo=cloudlinux-updates-testing
Categories: Technology

Imunify360 2.3-31 released

Wed, 19/07/2017 - 18:29

We are pleased to announce that the new Imunify360 2.3-31 production version is now available. The latest version embodies further improvements of the product as well as the new features. Imunify360 also has become more reliable and stable due to the bug fixes described below.

Should you encounter any problems with the product or have any questions, comments or suggestions, please contact our support team at cloudlinux.zendesk.com: Imunify360 department. We’d be more than happy to help you.

Imunify360 2.3-31

Changelog:

  • DEF-1893: fixed trace for "imunify360-agent clean --days" with too large int;
  • DEF-2530: web scans work correctly in Plesk env;
  • DEF-2542: "following configuration is already active" issue fixed;
  • DEF-2540: added /tmp/.vdserver to csf.ignore;
  • DEF-2550: fixed KeyError('method',) in malformed {'msg': 'server suspended: empty server id', 'success': 'false'}.

To install new Imunify360 production version 2.3-31 please follow the instructions in the documentation.

To upgrade Imunify360 run:

yum clean all
yum update imunify360-firewall

More information on Imunify360 can be found here.

Categories: Technology

Beta: EasyApache 4 updated

Tue, 18/07/2017 - 16:16

The new updated EasyApache 4 packages are available for download from our beta repository.

Changelog:

ea-apr-1.5.2-8

  • built against ea-openssl.

ea-openssl-1.0.2k-5

  • moved from experimental to production.

ea-apache24-2.4.25-11

  • disabled HTTP2 building on 32bit architectures.

ea-apache24-config-1.0-106

  • EA-6159: have fallback errordoc check for existence of .shtml file.

ea-libcurl-7.53.1-3

  • added HTTP2 support.

ea-apache24-mod_bw-0.92-2

  • adjusted installation to ULC/scripts.

ea-apache24-mod_mpm_itk-2.4.7.4-2

  • EA-6232: added conflict for mod_http2.

ea-php-cli-0.2.0-4

  • EA-6333: supporting MultiPHP Systems non ea- SCL PHPs.

To upgrade run the command:

yum update --enablerepo=cl-ea4-testing ea-apr ea-openssl ea-apache24 ea-apache24-config ea-libcurl ea-php-cli ea-apache24-mod_bw
Categories: Technology

CageFS updated

Tue, 18/07/2017 - 16:02

The new updated CageFS version 6.0-50 is available for download from our production repository.

Changelog:

cagefs-6.0-50

  • CAG-721: made CGIEmail and CGIEcho function properly inside CageFS - disabled by default;
  • CAG-728: fixed sanity-check fails if login process isn't silent;
  • CAG-701: cleaning PHP sessions like cPanel does (part 2 - use defaults when parsing of php.ini has failed);
  • CAG-733: fixed error while executing ea-phpXX on cPanel 65.9999 (build 195);
  • WEB-613: improved performance of CageFS plugin in cPanel version 64, 66;
  • WEB-620: added logo icon for Plesk17.5 in extensions window.

To update run:

yum update cagefs
Categories: Technology

Beta: Imunify360 2.4-8 released

Tue, 18/07/2017 - 14:45

We are pleased to announce that the new updated beta Imunify360 version 2.4-8 is now available. This latest version embodies further improvements of the product as well as new features. Imunify360 also has become more reliable and stable due to the bug fixes described below.

Should you encounter any problems with the product or have any questions, comments or suggestions, please contact our support team at cloudlinux.zendesk.com: Imunify360 department. We’d be more than happy to help you.

Changelog:

Imunify360 2.4-8

  • DEF-2406: fixed incorrect domains count in infected-domains;
  • DEF-2493: user friendly errors for Hosting panel CLI;
  • DEF-2518: balanced graylist and dos list 'expiration';
  • DEF-2519: skipping certs without key in PleskSSL;
  • DEF-2129: fixed bug in retries incidents;
  • DEF-2113: fixed case when news title never hid;
  • DEF-2178: displaying domain on UI for mod_sec scan in Quarantine/Suspicious tab;
  • DEF-2461: added explanation that disabling rules is possible only from Incidents.

To install the new beta Imunify360 version 2.4-8, please follow the instructions in the documentation.

Upgrading is available from version 2.0-19.

To upgrade Imunify360 run the command:

yum update imunify360-firewall --enablerepo=imunify360-testing

More information on Imunify360 can be found here.

Categories: Technology

Beta: HardenedPHP updated

Tue, 18/07/2017 - 13:46

The new updated HardenedPHP packages are available for download from our updates-testing repository.

Changelog:

alt-php71-7.1.7-2

alt-php70-7.0.21-2

alt-php56-5.6.31-2

  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-php55-5.5.38-19

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug74087: Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library);
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-php54-5.4.45-37

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug70436: Use After Free Vulnerability in unserialize();
  • bug74087: Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library);
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-php53-5.3.29-53

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug70436: Use After Free Vulnerability in unserialize();
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-php52-5.2.17-103

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug70436: Use After Free Vulnerability in unserialize();
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-php51-5.1.6-77

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug70436: Use After Free Vulnerability in unserialize();
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-php44-4.4.9-67

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • bug70436: Use After Free Vulnerability in unserialize();
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

To install run:

yum groupinstall alt-php --enablerepo=cloudlinux-updates-testing
Categories: Technology

Beta: EasyApache 4 updated

Tue, 18/07/2017 - 08:04

The new updated ea-apache24-mod_mpm_itk package is available for download from our EA4 beta repository.

ea-apache24-mod_mpm_itk 2.4.7.4-2.cloudlinux.1 x

Changelog:

  • added LVE support.

For installation:

  1. Read: http://docs.cloudlinux.com/index.html?cpanel_easyapache_4.html

  2. Run:

$ yum update ea-apache24-mod_mpm_itk --enablerepo=cl-ea4-testing
$ service httpd restart

For update run:

$ yum update ea-apache24-mod_mpm_itk --enablerepo=cl-ea4-testing
$ service httpd restart
Categories: Technology

Beta: CageFS updated

Mon, 17/07/2017 - 16:46

The new updated CageFS version 6.0-50 is available for download from our beta repository.

Changelog:

cagefs-6.0-50

  • CAG-721: made CGIEmail and CGIEcho function properly inside CageFS - disabled by default;
  • CAG-728: fixed sanity-check fails when login process was not silent.

To update run:

yum clean all --enablerepo=cloudlinux-updates-testing
yum update cagefs --enablerepo=cloudlinux-updates-testing
Categories: Technology

Beta: Alt-Python updated

Mon, 17/07/2017 - 11:24

The new updated Alt-Python version 3.6.1-1 is available for download from our beta repository.

Changelog:

alt-python36-3.6.1-1

  • updated to Python 3.6.1, check the full changelog for details.

To upgrade run:

yum clean all --enablerepo=cloudlinux-updates-testing
yum groupinstall alt-python --enablerepo=cloudlinux-updates-testing

Categories: Technology

Alt-Ruby updated

Mon, 17/07/2017 - 10:08

The new updated Alt-Ruby packages are available for download from our production repository.

Changelog:

alt-ruby22-2.2.7-22

  • updated to Ruby 2.2.7, check the full changelog for details.

alt-ruby23-2.3.4-14

  • updated to Ruby 2.3.4, check the commit logs for details.

alt-ruby24-2.4.1-2

  • updated to Ruby 2.4.1, check the commit logs for details.

To upgrade run the command:

yum groupinstall alt-ruby
Categories: Technology

PHP for EasyApache 4 updated

Fri, 14/07/2017 - 11:38

The new updated ea-php packages are available for download from our production repository.

Changelog:

ea-php56-5.6.31-1.cloudlinux

  • (core) 73807: Performance problem with processing post request over 2000000 chars;
  • (core) 74111: Heap buffer overread (READ: 1) finish_nested_data from unserialize;
  • (core) 74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • (core) 74819: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • (gd) 74435: Buffer over-read into uninitialized memory;
  • (mbstring): Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229);
  • (openssl) 74651: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • (pcre) 74087: Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library);
  • (wddx) 74145: wddx parsing empty boolean tag leads to SIGSEGV;
  • LSPHP SAPI updated to 6.11.

ea-php70-7.0.21-1.cloudlinux

  • (core) 74738: Multiple [PATH=] and [HOST=] sections not properly parsed;
  • (core) 74658: Undefined constants in array properties result in broken properties;
  • (core): Fixed misparsing of abstract unix domain socket names;
  • (core) 74101, 74614: Unserialize Heap Use-After-Free (READ: 1) in zval_get_type;
  • (core) 74111: Heap buffer overread (READ: 1) finish_nested_data from unserialize;
  • (core) 74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • (core) 74819: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • (dom) 69373: References to deleted XPath query results;
  • (gd) 74435: Buffer over-read into uninitialized memory;
  • (intl) 73473: Stack Buffer Overflow in msgfmt_parse_message;
  • (intl) 74705: Wrong reflection on Collator::getSortKey and collator_get_sort_key;
  • (intl) 73634: grapheme_strpos illegal memory access;
  • (mbstring): Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229);
  • (oci8): Add TAF callback (PR #2459);
  • (opcache) 74663: Segfault with opcache.memory_protect and validate_timestamp;
  • (openssl) 74651: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • (pcre) 74087: Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library);
  • (pdo_oci): Support Instant Client 12.2 in --with-pdo-oci configure option;
  • (reflection) 74673: Segfault when cast Reflection object to string with undefined constant;
  • (spl) 74478: null coalescing operator failing with SplFixedArray;
  • (standard) 74708: Invalid Reflection signatures for random_bytes and random_int;
  • (standard) 73648: Heap buffer overflow in substr;
  • (ftp) 74598: ftp:// wrapper ignores context arg;
  • (phar) 74386: Phar::__construct reflection incorrect;
  • (soap) 74679: Incorrect conversion array with WSDL_CACHE_MEMORY;
  • (streams) 74556: stream_socket_get_name() returns '\0';
  • LSPHP SAPI updated to 6.11.

ea-php71-7.1.7-1.cloudlinux

  • (core) 74738: Multiple [PATH=] and [HOST=] sections not properly parsed;
  • (core) 74658: Undefined constants in array properties result in broken properties;
  • (core): Fixed misparsing of abstract unix domain socket names;
  • (core) 74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • (core) 74101, 74614: Unserialize Heap Use-After-Free (READ: 1) in zval_get_type;
  • (core) 74111: Heap buffer overread (READ: 1) finish_nested_data from unserialize;
  • (core) 74819: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • (date) 74639: implement clone for DatePeriod and DateInterval;
  • (dom) 69373: References to deleted XPath query results;
  • (gd) 74435: Buffer over-read into uninitialized memory;
  • (intl) 73473: Stack Buffer Overflow in msgfmt_parse_message;
  • (intl) 74705: Wrong reflection on Collator::getSortKey and collator_get_sort_key;
  • (mbstring): Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229);
  • (oci8): Add TAF callback (PR #2459);
  • (opcache) 74663: Segfault with opcache.memory_protect and validate_timestamp;
  • (opcache): Revert opcache.enable_cli to default disabled;
  • (openssl) 74720: pkcs7_en/decrypt does not work if \x1a is used in content;
  • (openssl) 74651: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • (pdo_oci): Support Instant Client 12.2 in --with-pdo-oci configure option;
  • (reflection) 74673: Segfault when cast Reflection object to string with undefined constant;
  • (spl) 74478: null coalescing operator failing with SplFixedArray;
  • (ftp) 74598: ftp:// wrapper ignores context arg;
  • (phar) 74386: Phar::__construct reflection incorrect;
  • (soap) 74679: Incorrect conversion array with WSDL_CACHE_MEMORY;
  • (streams) 74556: stream_socket_get_name() returns '\0';
  • LSPHP SAPI updated to 6.11.

To update run the command:

yum update ea-php*
Categories: Technology

Beta: LVE Manager, lve-utils and CageFS updated

Fri, 14/07/2017 - 07:59

The new updated LVE Manager, lve-utils and CageFS packages are available for download from our beta repository.

Changelog:

cagefs-6.0-49

  • CAG-701: cleaning PHP sessions like cPanel does (part 2 - using defaults when parsing of php.ini has failed);
  • CAG-733: fixed error when executing ea-phpXX on cPanel 65.9999 (build 195);
  • WEB-613: checked performance of cagefs plugin in cPanel for version 64, 66;
  • WEB-620: added logo icon for Plesk17.5 in extensions window.

lvemanager-2.0-31

  • WEB-624: separate soft and hard inodes according to new design;
  • WEB-612: activated StatsNotifier settings in web-interface for DirectAdmin and Plesk;
  • WEB-620: added logo icon for Plesk17.5 in extensions window;
  • WEB-613: checked performance of lvemanager plugin in cPanel for version 64, 66;
  • WEB-589: show full path to the folder with email templates in the Options tab for DA and Plesk;
  • WEB-623: VMEM limits field is hidden when limit value is zero;
  • WEB-622: redundant UI elements are not available for DEFAULT user;
  • WEB-633: fixed issue with sending of cookie header in DA;
  • LVEMAN-1131: selectorctl correctly processes symlinks to users' home directories.

lve-utils-1.5-55

  • LU-455: cldetectlib: improved performance for ISP5.

To update run:

yum clean all --enablerepo=cloudlinux-updates-testing
yum update cagefs lvemanager lve-utils --enablerepo=cloudlinux-updates-testing
Categories: Technology

Imunify360 2.3-30 released

Thu, 13/07/2017 - 20:04

We are pleased to announce that the new Imunify360 2.3-30 production version is now available. The latest version embodies further improvements of the product as well as the new features. Imunify360 also has become more reliable and stable due to the bug fixes described below.

Should you encounter any problems with the product or have any questions, comments or suggestions, please contact our support team at cloudlinux.zendesk.com: Imunify360 department. We’d be more than happy to help you.

Imunify360 2.3-30

Changelog:

  • DEF-2519: skip certs without key in Plesk SSL;
  • Plesk: performance improvements.

To install the new Imunify360 version 2.3-30, please follow the instructions in the documentation.

To upgrade Imunify360 run:

yum clean all
yum update imunify360-firewall

More information on Imunify360 can be found here.

Categories: Technology

CloudLinux 6 kernel updated

Thu, 13/07/2017 - 14:29

The new updated CloudLinux 6 kernel version 2.6.32-673.26.1.lve1.4.30 is available for download from our production repository.

Changelog since 2.6.32-673.26.1.lve1.4.29:

  • CKSIX-109: backported fix for r1soft backup solution from CL7;
  • CKSIX-117: optimized memory allocation mechanism in network operations;
  • CKSIX-120: do not kill kernel threads while OOM.

To install the new kernel, please run the following command:

yum install kernel-2.6.32-673.26.1.lve1.4.30.el6 kmod-lve-1.4-30.el6
Categories: Technology

Beta: PHP for EasyApache 4 updated

Thu, 13/07/2017 - 14:06

The new updated ea-php packages are available for download from our updates-testing repository.

Changelog:

ea-php56-5.6.31-1.cloudlinux

  • (core) 73807: Performance problem with processing post request over 2000000 chars;
  • (core) 74111: Heap buffer overread (READ: 1) finish_nested_data from unserialize;
  • (core) 74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • (core) 74819: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • (gd) 74435: Buffer over-read into uninitialized memory;
  • (mbstring): Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229);
  • (openssl) 74651: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • (pcre) 74087: Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library);
  • (wddx) 74145: wddx parsing empty boolean tag leads to SIGSEGV;
  • LSPHP SAPI updated to 6.11.

ea-php70-7.0.21-1.cloudlinux

  • (core) 74738: Multiple [PATH=] and [HOST=] sections not properly parsed;
  • (core) 74658: Undefined constants in array properties result in broken properties;
  • (core): Fixed misparsing of abstract unix domain socket names;
  • (core) 74101, 74614: Unserialize Heap Use-After-Free (READ: 1) in zval_get_type;
  • (core) 74111: Heap buffer overread (READ: 1) finish_nested_data from unserialize;
  • (core) 74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • (core) 74819: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • (dom) 69373: References to deleted XPath query results;
  • (gd) 74435: Buffer over-read into uninitialized memory;
  • (intl) 73473: Stack Buffer Overflow in msgfmt_parse_message;
  • (intl) 74705: Wrong reflection on Collator::getSortKey and collator_get_sort_key;
  • (intl) 73634: grapheme_strpos illegal memory access;
  • (mbstring): Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229);
  • (oci8): Add TAF callback (PR #2459);
  • (opcache) 74663: Segfault with opcache.memory_protect and validate_timestamp;
  • (openssl) 74651: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • (pcre) 74087: Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library);
  • (pdo_oci): Support Instant Client 12.2 in --with-pdo-oci configure option;
  • (reflection) 74673: Segfault when cast Reflection object to string with undefined constant;
  • (spl) 74478: null coalescing operator failing with SplFixedArray;
  • (standard) 74708: Invalid Reflection signatures for random_bytes and random_int;
  • (standard) 73648: Heap buffer overflow in substr;
  • (ftp) 74598: ftp:// wrapper ignores context arg;
  • (phar) 74386: Phar::__construct reflection incorrect;
  • (soap) 74679: Incorrect conversion array with WSDL_CACHE_MEMORY;
  • (streams) 74556: stream_socket_get_name() returns '\0';
  • LSPHP SAPI updated to 6.11.

ea-php71-7.1.7-1.cloudlinux

  • (core) 74738: Multiple [PATH=] and [HOST=] sections not properly parsed;
  • (core) 74658: Undefined constants in array properties result in broken properties;
  • (core): Fixed misparsing of abstract unix domain socket names;
  • (core) 74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • (core) 74101, 74614: Unserialize Heap Use-After-Free (READ: 1) in zval_get_type;
  • (core) 74111: Heap buffer overread (READ: 1) finish_nested_data from unserialize;
  • (core) 74819: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • (date) 74639: implement clone for DatePeriod and DateInterval;
  • (dom) 69373: References to deleted XPath query results;
  • (gd) 74435: Buffer over-read into uninitialized memory;
  • (intl) 73473: Stack Buffer Overflow in msgfmt_parse_message;
  • (intl) 74705: Wrong reflection on Collator::getSortKey and collator_get_sort_key;
  • (mbstring): Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229);
  • (oci8): Add TAF callback (PR #2459);
  • (opcache) 74663: Segfault with opcache.memory_protect and validate_timestamp;
  • (opcache): Revert opcache.enable_cli to default disabled;
  • (openssl) 74720: pkcs7_en/decrypt does not work if \x1a is used in content;
  • (openssl) 74651: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • (pdo_oci): Support Instant Client 12.2 in --with-pdo-oci configure option;
  • (reflection) 74673: Segfault when cast Reflection object to string with undefined constant;
  • (spl) 74478: null coalescing operator failing with SplFixedArray;
  • (ftp) 74598: ftp:// wrapper ignores context arg;
  • (phar) 74386: Phar::__construct reflection incorrect;
  • (soap) 74679: Incorrect conversion array with WSDL_CACHE_MEMORY;
  • (streams) 74556: stream_socket_get_name() returns '\0';
  • LSPHP SAPI updated to 6.11.

To update run the command:

yum clean all --enablerepo=cl-ea4-testing
yum update ea-php* --enablerepo=cl-ea4-testing
Categories: Technology
