HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   General (http://www.howtoforge.com/forums/forumdisplay.php?f=25)
-   -   Important security update for ISPConfig 3 available (http://www.howtoforge.com/forums/showthread.php?t=56854)

till 10th April 2012 16:59

Important security update for ISPConfig 3 available
 
ISPConfig 3.0.4.4 is available for download. This release is a bugfix release for ISPConfig 3.0.4.

This release contains a critical security patch for webdav users:

http://bugtracker.ispconfig.org/inde...s&task_id=2157

It is highly recommended to install the 3.0.4.4 update immediately.
If installing the full update is not possible on your server,
then install the patch manually:

Code:

cd /tmp
wget http://www.ispconfig.org/downloads/webdav_user_edit_php.gz
gzip -d webdav_user_edit_php.gz
mv -f webdav_user_edit_php /usr/local/ispconfig/interface/web/sites/webdav_user_edit.php


For a detailed list of changes, please see the changelog section below.

================================================== ===
*** New! The ISPConfig 3 manual is now available! ***

Version 1.3 for ISPConfig >= 3.0.4 (Date: 10/25/2011)
Author: Falko Timme <ft@falkotimme.com>

333 pages

The manual can be downloaded from these two links:

http://www.ispconfig.org/ispconfig-3...nfig-3-manual/
http://www.howtoforge.com/download-t...onfig-3-manual
================================================== ===

-----------------------------------------------------
- Download
-----------------------------------------------------

The software can be downloaded here:

http://prdownloads.sourceforge.net/i...3.0.4.4.tar.gz

------------------------------------
- Changelog
------------------------------------

http://bugtracker.ispconfig.org/inde...&status[]=

--------------------------------------
- Known Issues:
--------------------------------------

Please take a look at the bugtracker:

http://bugtracker.ispconfig.org

--------------------------------------
- BUG Reporting
--------------------------------------

Please report bugs to the ISPConfig bugtracking system:

http://bugtracker.ispconfig.org

----------------------------------------
- Supported Linux Distributions
----------------------------------------

- Debian Etch (4.0) - Squeeze (6.0) and Debian testing
- Ubuntu 7.10 - 11.10
- OpenSuSE 11 - 12.1
- CentOS 5.2 - 6.2
- Fedora 9 - 15

-----------------------------------------
- Installation
-----------------------------------------

The installation instructions for ISPConfig can be found here:

http://www.ispconfig.org/ispconfig-3/documentation/

or in the text files (named INSTALL_*.txt) which are inside the docs folder of the .tar.gz file.

------------------------------------------
- Update
------------------------------------------

To update existing ISPConfig 3 installations, run this command on the shell:

ispconfig_update.sh

Select "stable" as the update resource. The script will check if an updated version of ISPConfig 3 is available and then download the tar.gz and start the setup script.

Detailed instructions for making a backup before you update can be found here:

http://www.faqforge.com/linux/contro...e-ispconfig-3/

If the ISPConfig version on your server does not have this script yet, follow the manual update instructions below.

-------------------------------------------
- Manual update instructions
-------------------------------------------

Code:

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q update.php


R4IDER 10th April 2012 18:47

Thanks for the patch but there appears to be a problem, the below error appears when trying to update.

>> Update

<br />
<b>Notice</b>: Use of undefined constant E_STRICT - assumed 'E_STRICT' in <b>/tmp/ispconfig3_install/install/lib/install.lib.php</b> on line <b>53</b><br />
<br />
<b>Parse error</b>: syntax error, unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or '}' in <b>/tmp/ispconfig3_install/install/lib/installer_base.lib.php</b> on line <b>36</b><br />

till 10th April 2012 20:07

I dont get this error here when I update. Which update method did you use and which Linux distribution and php version.

edge 10th April 2012 20:15

Greetings from Dubai.

I habd no problem with updating my Debian Squeeze servers with ispconfig_update.sh

Keep up the good work!

Hans 10th April 2012 20:26

Hi Till,
thank you for this release!
I just updated my Debian Squeeze ISPConfig 3.0.4.3 server at home.
Now ISPConfig Version: 3.0.4.4 is installed.
All went fine. I will update the servers in the DC soon!

R4IDER 10th April 2012 20:29

Quote:

Originally Posted by till (Post 277076)
I dont get this error here when I update. Which update method did you use and which Linux distribution and php version.

Centos 5.6 and PHP Version 5.3.10.

I tried running ispconfig_update.sh and the below.


cd /tmp
wget http://www.ispconfig.org/downloads/I...-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q update.php

falko 10th April 2012 21:08

Quote:

Originally Posted by R4IDER (Post 277079)
Centos 5.6 and PHP Version 5.3.10.

I tried running ispconfig_update.sh and the below.


cd /tmp
wget http://www.ispconfig.org/downloads/I...-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q update.php

Do you use eAccelerator? If so, disable it and try again.

till 10th April 2012 22:12

@R4IDER

Please try what falko suggested, if this wont help, please post the output of:

php -v

Your commandline php does not know the internal php constant E_STRICT and E_STRICT has been introduced with php 5, the same with the second error, your php does not support global variables in classes which has been introduced in php 5 as well. According to your error messages my guess is that the commandline php on your server is php 4 and not php 5.

R4IDER 10th April 2012 23:17

Quote:

Originally Posted by till (Post 277097)
@R4IDER

Please try what falko suggested, if this wont help, please post the output of:

php -v

Your commandline php does not know the internal php constant E_STRICT and E_STRICT has been introduced with php 5, the same with the second error, your php does not support global variables in classes which has been introduced in php 5 as well. According to your error messages my guess is that the commandline php on your server is php 4 and not php 5.

Thanks for your replies.

I have disabled eAccelerator and tried again but had the same result.

till, you are correct my command line PHP is not the version that is used by apache. The command line version is PHP 4.4.9, I will try and get this updated and report back.

itanium 10th April 2012 23:39

Hello,

Thank's for the quick update.

I have just a little problem:

When a customer add a database, when with my admin account i go to Site -> Database and click on the new created database i have :

Customer = i see a blank dropdown

Database name db[CLIENTID]_dbu1_newdatabase
Database user dbu[CLIENTID]_dbu1_newdatabase

Twice db[CLIENTID]_ & dbu[CLIENTID]_

A new bug ? ;)


All times are GMT +2. The time now is 14:26.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.