Blogroll Category: Technology

I read blogs, as well as write one. The 'blogroll' on this site reproduces some posts from some of the people I enjoy reading. There are currently 177 posts from the category 'Technology.'

Disclaimer: Reproducing an article here need not necessarily imply agreement or endorsement!

Imunify360 2.4-12 released

CloudLinux - 3 hours 35 min ago

We are pleased to announce that the new updated beta Imunify360 version 2.4-12 is now available. This latest version embodies further improvements of the product as well as new features. Imunify360 also has become more reliable and stable due to the bug fixes described below.

Should you encounter any problems with the product or have any questions, comments or suggestions, please contact our support team at cloudlinux.zendesk.com: Imunify360 department. We’d be more than happy to help you.

Changelog:

Imunify360 2.4-12

  • DEF-2309: import CSF blocked ports into imunify360;
  • DEF-2574: ON DELETE CASCADE for hit_extras table;
  • DEF-1893: fixed trace for "imunify360-agent clean --days" with too large int;
  • DEF-2530: web scans work correctly in Plesk env;
  • DEF-2542: fixed "following configuration is already active" check for locale is not "en";
  • DEF-2156: added mail directory to inotify scanner;
  • DEF-2434: added ability to switch "Full access" for existing whitelisted IPs;
  • DEF-2489: fixed bug with full_access and move to blacklist;
  • DEF-2494: added opting out of Sentry.io Reporting;
  • DEF-2497: added support of "--full-access" keyword to "move" & "edit" commands;
  • DEF-2540: added /tmp/.vdserver to csf.ignore;
  • DEF-2550: fixed KeyError('method',) in malformed {'msg': 'server suspended: empty server id', 'success': 'false'}

To install the new beta Imunify360 version 2.4-12, please follow the instructions in the documentation.

Upgrading is available from version 2.0-19.

To upgrade Imunify360 run the command:

yum update imunify360-firewall --enablerepo=imunify360-testing

More information on Imunify360 can be found here.

Categories: Technology

"Hot summer brings new hot features" live webinar on July 25th

CloudLinux - Thu, 20/07/2017 - 18:59

Join Igor Seletskiy, our CEO, for a comprehensive review of all new Imunify360 features. As always, the Q&A session will follow the presentation and give you the chance to learn more about the AI technology and what's coming next.

The live webinar will take place on Tuesday, July 25th at 12 pm EDT / 9 am PDT.

Register here.

If you cannot attend, register anyway and we'll send you the recording after the event.

Categories: Technology

EasyApache 4 updated

CloudLinux - Thu, 20/07/2017 - 17:43

The new updated EasyApache 4 packages are available for download from our production repository.

Changelog:

ea-apr-1.5.2-8

  • built against ea-openssl.

ea-openssl-1.0.2k-5

  • moved from experimental to production.

ea-apache24-2.4.25-11

  • added HTTP2 support, disabled HTTP2 building on 32-bit architectures.

ea-apache24-config-1.0-106

  • EA-6159: have fallback errordoc check for existence of .shtml file.

ea-libcurl-7.53.1-3

  • added HTTP2 support.

ea-apache24-mod_bw-0.92-2

  • adjusted installation to ULC/scripts.

ea-apache24-mod_mpm_itk-2.4.7.4-2

  • EA-6232: added conflict for mod_http2.

ea-php-cli-0.2.0-4

  • EA-6333: supports MultiPHP System's non ea- SCL PHPs.

To upgrade run the command:

yum update ea-apr ea-openssl ea-apache24 ea-apache24-config ea-libcurl ea-php-cli ea-apache24-mod_bw
Categories: Technology

Imunify360 2.3-32 released

CloudLinux - Thu, 20/07/2017 - 14:02

We are pleased to announce that the new Imunify360 2.3-32 production version is now available. The latest version embodies further improvements of the product as well as the new features. Imunify360 also has become more reliable and stable due to the bug fixes described below.

Should you encounter any problems with the product or have any questions, comments or suggestions, please contact our support team at cloudlinux.zendesk.com: Imunify360 department. We’d be more than happy to help you.

Imunify360 2.3-32

Changelog:

  • renamed "Move files to quarantine" option and changed description;
  • DEF-2178: backport - extended info for quarantined files (UI);
  • DEF-2406: fixed incorrect domains count in infected-domains.

To install new Imunify360 production version 2.3-32 please follow the instructions in the documentation.

To upgrade Imunify360 run:

yum clean all
yum update imunify360-firewall

More information on Imunify360 can be found here.

Categories: Technology

HardenedPHP updated

CloudLinux - Thu, 20/07/2017 - 13:43

The new updated HardenedPHP packages are available for download from our production repository.

Changelog:

alt-php71-7.1.7-2

alt-php70-7.0.21-2

alt-php56-5.6.31-2

  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-php55-5.5.38-19

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug74087: Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library);
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-php54-5.4.45-37

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug70436: Use After Free Vulnerability in unserialize();
  • bug74087: Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library);
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-php53-5.3.29-53

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug70436: Use After Free Vulnerability in unserialize();
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-php52-5.2.17-103

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug70436: Use After Free Vulnerability in unserialize();
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-php51-5.1.6-77

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug70436: Use After Free Vulnerability in unserialize();
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-php44-4.4.9-67

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • bug70436: Use After Free Vulnerability in unserialize();
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-pcre-8.40-1

  • updated to 8.40.

To install run:

yum groupinstall alt-php
Categories: Technology

PHP 7.2.0 Beta 1 Released

PHP - Thu, 20/07/2017 - 13:00
Categories: Technology

Beta: mod_lsapi updated

CloudLinux - Thu, 20/07/2017 - 10:54

The new updated mod_lsapi packages for CloudLinux 6 and 7 as well as for Apache 2.4 (CloudLinux 6) and EasyApache 4 (CloudLinux 6 and 7) are available from our updates-testing repository.

mod_lsapi 1.1-15

ea-apache24-mod_lsapi 1.1-15

httpd24-mod_lsapi 1.1-15

Changelog:

  • MODLS-436: added force option to switch_mod_lsapi --setup;
  • MODLS-429: switch_mod_lsapi --build-native-lsphp is not executed randomly after upcp on EA3;
  • MODLS-433: new mechanism lsapi and web-interface of cPanel. Proposed by cPanel team.

Added the --force option (never prompt) for the /usr/bin/switch_mod_lsapi --setup utility (for EasyApache 4 only).

Example:

# /usr/bin/switch_mod_lsapi --force --setup

During setup, the utility may ask you to resolve different situations, depending on how mod_lsapi was configured before; see https://docs.cloudlinux.com/mod_lsapi_installation.html for details.

Please be careful with the --force option; we don't recommend using it unless necessary. Always check your configuration after a forced mod_lsapi setup.

To update:

cPanel & RPM Based

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ yum update mod_lsapi --enablerepo=cloudlinux-updates-testing
$ service httpd restart

DirectAdmin

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ cd /usr/local/directadmin/custombuild
$ ./build set cloudlinux_beta yes
$ ./build update
$ ./build mod_lsapi

To install, follow the instructions on the link:

http://docs.cloudlinux.com/index.html?installation_mod_lsapi.html

For EasyApache 4

To update:

$ yum update liblsapi liblsapi-devel ea-apache24-mod_lsapi --enablerepo=cl-ea4-testing --enablerepo=cloudlinux-updates-testing
$ service httpd restart

If you are using ea-apache24-mod_lsapi-1.1-9 or lower, after the update all of your domains that used mod_lsapi will be switched to suphp as the default PHP handler in MultiPHP Manager. To turn mod_lsapi back on, go to MultiPHP Manager and choose the lsapi handler.

To install:

$ yum-config-manager --enable cl-ea4-testing
$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing

read http://docs.cloudlinux.com/index.html?cpanel_easyapache_4.html

$ yum-config-manager --disable cl-ea4-testing

Go to MultiPHP Manager and enable mod_lsapi on your domains through the lsapi handler.

To remove mod_lsapi:

Before deleting mod_lsapi, make sure to change the lsapi handler to any other from MultiPHP Manager.

httpd24 for CloudLinux 6

For installation/update run:

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing
$ yum install httpd24-mod_lsapi --enablerepo=cloudlinux-updates-testing
Categories: Technology

Aquele Abraço Rio de Janeiro: Cloudflare's 116th Data Center!

CloudFlare - Wed, 19/07/2017 - 18:56

Cloudflare is excited to announce our newest data center in Rio de Janeiro, Brazil. This is our eighth data center in South America, and expands the Cloudflare network to 116 cities across 57 countries. Our newest deployment will improve the performance and security of over six million Internet applications across Brazil, while providing redundancy to our existing São Paulo data center. As additional ISPs peer with us at the local internet exchange (IX.br), we’ll be able to provide even closer coverage to a growing share of Brazil Internet users.

Cloudflare is very happy to announce our newest data center: Rio de Janeiro, Brazil. This is our eighth data center in South America, and with it Cloudflare's network expands to 116 cities in 57 countries. This launch will speed up and protect more than six million websites and web applications across Brazil, while also providing redundancy for our data center in São Paulo. By giving more partners access to our network through the Internet exchange point (IX-RJ), we are getting closer to Internet users throughout Brazil.



History

Rio de Janeiro plays a great role in the history of the Internet in Brazil. In 1988, the National Laboratory of Scientific Computation, headquartered in Rio de Janeiro, connected to the University of Maryland via Bitnet, a network to exchange messages. The next year, the Federal University of Rio de Janeiro also connected to Bitnet, becoming the third institution (with São Paulo State Foundation for Research Support) to have access to this technology.

Rio de Janeiro plays a central role in the history of the Internet in Brazil. In 1988, the National Laboratory of Scientific Computation (LNCC) connected to the University of Maryland via Bitnet, a network that allowed e-mail to be sent between academic institutions. In 1989, the Federal University of Rio de Janeiro also connected to Bitnet through another American university, becoming the third Brazilian institution to connect to the Internet (FAPESP was also already on the network).

CC BY-NC 2.0 image by Lau Rey

Today, the city of Rio de Janeiro is very well connected. Internet access can be found all over, and better connectivity can boost entrepreneurship. In some Favelas (slums), the residents are creating their own ISPs, providing Internet access to some users that big ISPs are not able to reach.

Today, the city of Rio de Janeiro is very well connected. Internet access can be found everywhere, even encouraging entrepreneurship. In some favelas the residents themselves have created their own Wi-Fi Internet providers, and are bringing digital inclusion to areas that the big providers do not reach.

LatAm expansion

We have an additional eight datacenters in progress across Latin America. If managing the many moving parts of building a large global network interests you, come join our team!

We have eight more datacenters on the way in Latin America. If you are interested in managing a network with global reach, come join our team!

-The Cloudflare team

Categories: Technology

Imunify360 2.3-31 released

CloudLinux - Wed, 19/07/2017 - 18:29

We are pleased to announce that the new Imunify360 2.3-31 production version is now available. The latest version embodies further improvements of the product as well as the new features. Imunify360 also has become more reliable and stable due to the bug fixes described below.

Should you encounter any problems with the product or have any questions, comments or suggestions, please contact our support team at cloudlinux.zendesk.com: Imunify360 department. We’d be more than happy to help you.

Imunify360 2.3-31

Changelog:

  • DEF-1893: fixed trace for "imunify360-agent clean --days" with too large int;
  • DEF-2530: web scans work correctly in Plesk env;
  • DEF-2542: "following configuration is already active" issue fixed;
  • DEF-2540: added /tmp/.vdserver to csf.ignore;
  • DEF-2550: fixed KeyError('method',) in malformed {'msg': 'server suspended: empty server id', 'success': 'false'}.

To install new Imunify360 production version 2.3-31 please follow the instructions in the documentation.

To upgrade Imunify360 run:

yum clean all
yum update imunify360-firewall

More information on Imunify360 can be found here.

Categories: Technology

Ninth Circuit Rules on National Security Letter Gag Orders

CloudFlare - Tue, 18/07/2017 - 19:39

As we’ve previously discussed on this blog, Cloudflare has been challenging for years the constitutionality of the FBI’s use of national security letters (NSLs) to demand user data on a confidential basis. On Monday morning, a three-judge panel of the U.S. Ninth Circuit Court of Appeals released the latest decision in our lawsuit, and endorsed the use of gag orders that severely restrict a company's disclosures related to NSLs.

CC-BY 2.0 image by a200/a77Wells

This is the latest chapter in a court proceeding that dates back to 2013, when Cloudflare initiated a challenge to the previous form of the NSL statute with the help of our friends at EFF. Our efforts regarding NSLs have already seen considerable success. After a federal district court agreed with some of our arguments, Congress passed a new law that addressed transparency, the USA FREEDOM Act. Under the new law, companies were finally permitted to disclose the number of NSLs they receive in aggregate bands of 250. But there were still other concerns about judicial review or limitation of gag orders that remained.

Today’s outcome is disappointing for Cloudflare. NSLs are “administrative subpoenas” that fall short of a warrant, and are frequently accompanied by nondisclosure requirements that restrict even bare disclosures regarding the receipt of such letters. Such gag orders hamper transparency efforts, and limit companies’ ability to participate in the political process around surveillance reform.

What did the Court say?

In its ruling, the Ninth Circuit upheld NSL gag orders by ruling that the current system does not run afoul of the First Amendment. Currently, the laws governing the issuance of NSLs permit a nondisclosure requirement so long as the requesting official certifies that the lack of a prohibition “may result” in certain types of harm. However, there is no judicial scrutiny of these claims before the gag order goes into full effect. Only once the restriction has already been imposed can a company seek judicial review before a court. Furthermore, the FBI must only reassess the gag order at three years in, or when investigation has closed.

Along with our co-petitioner, CREDO Mobile, Cloudflare challenged the NSL gag orders as a “prior restraint” on free speech. In First Amendment law, prior restraints are judicial orders or administrative rules that function to suppress speech before it ever takes place. There is a heavy presumption against the constitutionality of prior restraints, but they can be justified in narrowly defined circumstances or if the restraint follows certain procedural safeguards. In the context of NSLs, we considered those safeguards to be lacking.

The Appeals Court disagreed: in its ruling, the Court determined that the NSL gag order was indeed a prior restraint subject to “strict” constitutional scrutiny, but that such orders were “narrowly tailored to a compelling state interest” and provided enough procedural safeguards to pass constitutional muster.

What’s Next?

While we are still reviewing the specifics of the court’s decision, Cloudflare will continue to report on NSLs to the extent permitted by law. We will also continue to work with EFF as we weigh how to proceed: the next steps may be to make a request for an en banc appeal to all the members of the 9th Circuit, or petition the U.S. Supreme Court to take up the case.

Cloudflare’s approach to law enforcement requests will continue to be that while we are supportive of their work, any requests we receive must adhere to due process, and be subject to judicial oversight. When we first decided to challenge the FBI’s request for customer information through a confidential NSL, we were a much smaller company. It was not an easy decision, but we decided to contest a gag order that we felt was overbroad and in violation of our principles. We are grateful to our friends at EFF for taking our case, and applaud the excellent job they have done pushing this effort.

Categories: Technology

Beta: EasyApache 4 updated

CloudLinux - Tue, 18/07/2017 - 16:16

The new updated EasyApache 4 packages are available for download from our beta repository.

Changelog:

ea-apr-1.5.2-8

  • built against ea-openssl.

ea-openssl-1.0.2k-5

  • moved from experimental to production.

ea-apache24-2.4.25-11

  • disabled HTTP2 building on 32bit architectures.

ea-apache24-config-1.0-106

  • EA-6159: have fallback errordoc check for existence of .shtml file.

ea-libcurl-7.53.1-3

  • added HTTP2 support.

ea-apache24-mod_bw-0.92-2

  • adjusted installation to ULC/scripts.

ea-apache24-mod_mpm_itk-2.4.7.4-2

  • EA-6232: added conflict for mod_http2.

ea-php-cli-0.2.0-4

  • EA-6333: supporting MultiPHP Systems non ea- SCL PHPs.

To upgrade run the command:

yum update --enablerepo=cl-ea4-testing ea-apr ea-openssl ea-apache24 ea-apache24-config ea-libcurl ea-php-cli ea-apache24-mod_bw
Categories: Technology

CageFS updated

CloudLinux - Tue, 18/07/2017 - 16:02

The new updated CageFS version 6.0-50 is available for download from our production repository.

Changelog:

cagefs-6.0-50

  • CAG-721: made CGIEmail and CGIEcho function properly inside CageFS - disabled by default;
  • CAG-728: fixed sanity-check fails if login process isn't silent;
  • CAG-701: cleaning PHP sessions like cPanel does (part 2 - use defaults when parsing of php.ini has failed);
  • CAG-733: fixed error while executing ea-phpXX on cPanel 65.9999 (build 195);
  • WEB-613: improved performance of CageFS plugin in cPanel version 64, 66;
  • WEB-620: added logo icon for Plesk17.5 in extensions window.

To update run:

yum update cagefs
Categories: Technology

Beta: Imunify360 2.4-8 released

CloudLinux - Tue, 18/07/2017 - 14:45

We are pleased to announce that the new updated beta Imunify360 version 2.4-8 is now available. This latest version embodies further improvements of the product as well as new features. Imunify360 also has become more reliable and stable due to the bug fixes described below.

Should you encounter any problems with the product or have any questions, comments or suggestions, please contact our support team at cloudlinux.zendesk.com: Imunify360 department. We’d be more than happy to help you.

Changelog:

Imunify360 2.4-8

  • DEF-2406: fixed incorrect domains count in infected-domains;
  • DEF-2493: user friendly errors for Hosting panel CLI;
  • DEF-2518: balanced graylist and dos list 'expiration';
  • DEF-2519: skipping certs without key in PleskSSL;
  • DEF-2129: fixed bug in retries incidents;
  • DEF-2113: fixed case when news title never hid;
  • DEF-2178: displaying domain on UI for mod_sec scan in Quarantine/Suspicious tab;
  • DEF-2461: added explanation that disabling rules is possible only from Incidents.

To install the new beta Imunify360 version 2.4-8, please follow the instructions in the documentation.

Upgrading is available from version 2.0-19.

To upgrade Imunify360 run the command:

yum update imunify360-firewall --enablerepo=imunify360-testing

More information on Imunify360 can be found here.

Categories: Technology

Take the Survey on the Community Governance Summit

Drupal - Tue, 18/07/2017 - 14:28

I recently shared the community needs and potential strategies for evolving community governance, which resulted from the Community Discussions we held in person and online throughout April and May. You can find the webinar recording and written transcript, as well as the meeting minutes from all Community Discussions, at https://www.drupal.org/community/discussions.

Many community members who participated in these discussions agreed that the next step to take in this process is to hold a Community Governance Summit. However, we are not yet clear on where and when this event should take place, who should participate, and several other important details. I worked with community members to develop this survey so we can answer those questions.

Please take 5 minutes to take this community survey and tell us your thoughts about the Community Governance Summit. This survey will remain open until 11:59pm EDT on July 28, 2017. We will analyze the findings and report back on what we learned in a follow-up blog post by Friday, August 4.

Thank you for your time and participation.

Categories: Technology

Beta: HardenedPHP updated

CloudLinux - Tue, 18/07/2017 - 13:46

The new updated HardenedPHP packages are available for download from our updates-testing repository.

Changelog:

alt-php71-7.1.7-2

alt-php70-7.0.21-2

alt-php56-5.6.31-2

  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-php55-5.5.38-19

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug74087: Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library);
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-php54-5.4.45-37

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug70436: Use After Free Vulnerability in unserialize();
  • bug74087: Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library);
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-php53-5.3.29-53

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug70436: Use After Free Vulnerability in unserialize();
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-php52-5.2.17-103

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug70436: Use After Free Vulnerability in unserialize();
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-php51-5.1.6-77

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145);
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue);
  • CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue);
  • CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue);
  • CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue);
  • CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue);
  • bug70436: Use After Free Vulnerability in unserialize();
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

alt-php44-4.4.9-67

  • CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV;
  • CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • CVE-2017-7890: Buffer over-read into uninitialized memory;
  • bug70436: Use After Free Vulnerability in unserialize();
  • bug74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • ALTPHP-351: made lsphp error messages more informative;
  • ALTPHP-354: SIGCHILD handler fix after CRIU restoring.

To install run:

yum groupinstall alt-php --enablerepo=cloudlinux-updates-testing
Categories: Technology

Beta: EasyApache 4 updated

CloudLinux - Tue, 18/07/2017 - 08:04

The new updated ea-apache24-mod_mpm_itk package is available for download from our EA4 beta repository.

ea-apache24-mod_mpm_itk 2.4.7.4-2.cloudlinux.1 x

Changelog:

  • added LVE support.

For installation:

  1. Read: http://docs.cloudlinux.com/index.html?cpanel_easyapache_4.html

  2. Run:

$ yum update ea-apache24-mod_mpm_itk --enablerepo=cl-ea4-testing
$ service httpd restart

For update run:

$ yum update ea-apache24-mod_mpm_itk --enablerepo=cl-ea4-testing
$ service httpd restart
Categories: Technology

Beta: CageFS updated

CloudLinux - Mon, 17/07/2017 - 16:46

The new updated CageFS version 6.0-50 is available for download from our beta repository.

Changelog:

cagefs-6.0-50

  • CAG-721: made CGIEmail and CGIEcho function properly inside CageFS - disabled by default;
  • CAG-728: fixed sanity-check fails when login process was not silent.

To update run:

yum clean all --enablerepo=cloudlinux-updates-testing
yum update cagefs --enablerepo=cloudlinux-updates-testing
Categories: Technology

Beta: Alt-Python updated

CloudLinux - Mon, 17/07/2017 - 11:24

The new updated Alt-Python version 3.6.1-1 is available for download from our beta repository.

Changelog:

alt-python36-3.6.1-1

  • updated to Python 3.6.1, check the full changelog for details.

To upgrade run:

yum clean all --enablerepo=cloudlinux-updates-testing
yum groupinstall alt-python --enablerepo=cloudlinux-updates-testing

Categories: Technology

Alt-Ruby updated

CloudLinux - Mon, 17/07/2017 - 10:08

The new updated Alt-Ruby packages are available for download from our production repository.

Changelog:

alt-ruby22-2.2.7-22

  • updated to Ruby 2.2.7, check the full changelog for details.

alt-ruby23-2.3.4-14

  • updated to Ruby 2.3.4, check the commit logs for details.

alt-ruby24-2.4.1-2

  • updated to Ruby 2.4.1, check the commit logs for details.

To upgrade run the command:

yum groupinstall alt-ruby
Categories: Technology

Drupal Association Board Meeting Summary - 28 June, 2017

Drupal - Sat, 15/07/2017 - 20:09

On 28 June, 2017, the Drupal Association Board held the second of four annual public meetings. It was a full meeting where staff provided operational updates and gained some strategic direction from board members on how to proceed in various areas. Some highlights included:

  • Summary of DrupalCon Baltimore’s performance and impact.

  • Progress on securing future DrupalCon locations.

  • Discussion on how to unblock community outreach efforts by making appropriate changes to the Drupal.org privacy policy.

  • An update on the Drupal.org infrastructure RFP that was recently awarded to Tag1.

Whitney Hess also attended the board meeting to give an update on the Community Discussion work and invited the community to attend her webinar that shared her findings and next steps. You can learn more and watch the recorded webinar here.

Also, Jamie Nau, our “virtual CFO” from Summit CPA, attended the meeting to review April 2017 financial statements, which showed that DrupalCon Baltimore exceeded expectations, positioning the Drupal Association for a healthier year, financially. This is encouraging news as we work through our financial turnaround, which started a year ago.

In an effort to be more transparent about board activities, the board chose to use this public forum to vote to approve the January through April 2017 financial statements. April 2017 financial statements showed that April was a successful month primarily due to DrupalCon Baltimore's strong financial performance. 

You can find the meeting minutes and board materials here

We were pleased to have community members attend and invite you to attend our next board meeting on 27 September, 2017 at noon CEST. It is located in the DrupalCon Vienna convention center and can also be attended via Zoom.

Categories: Technology
