HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

till 11th May 2012 15:30

Security update for ISPConfig 3 available
 
ISPConfig 3.0.4.5 is available for download. This release is a bugfix release for ISPConfig 3.0.4.

This release contains a security patch for an SQL injection vulnerability:

http://bugtracker.ispconfig.org/inde...s&task_id=2221

It is highly recommended to install the 3.0.4.5 update immediately.
If installing the full update is not possible on your server,
then install the patch manually:

Code:

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
mv -f ispconfig3_install/interface/lib/classes/listform.inc.php /usr/local/ispconfig/interface/lib/classes/

For a detailed list of changes, please see the changelog section below.

=====================================================
*** New! The ISPConfig 3 manual is now available! ***

Version 1.3 for ISPConfig >= 3.0.4 (Date: 10/25/2011)
Author: Falko Timme <ft@falkotimme.com>

333 pages

The manual can be downloaded from these two links:

http://www.ispconfig.org/ispconfig-3...nfig-3-manual/
http://www.howtoforge.com/download-t...onfig-3-manual
=====================================================

-----------------------------------------------------
- Download
-----------------------------------------------------

The software can be downloaded here:

http://prdownloads.sourceforge.net/i...3.0.4.5.tar.gz

------------------------------------
- Changelog
------------------------------------

http://bugtracker.ispconfig.org/inde...&status[]=

--------------------------------------
- Known Issues:
--------------------------------------

Please take a look at the bugtracker:

http://bugtracker.ispconfig.org

--------------------------------------
- BUG Reporting
--------------------------------------

Please report bugs to the ISPConfig bugtracking system:

http://bugtracker.ispconfig.org

----------------------------------------
- Supported Linux Distributions
----------------------------------------

- Debian Etch (4.0) - Squeeze (6.0) and Debian testing
- Ubuntu 7.10 - 12.04
- OpenSuSE 11 - 12.1
- CentOS 5.2 - 6.2
- Fedora 9 - 15

-----------------------------------------
- Installation
-----------------------------------------

The installation instructions for ISPConfig can be found here:

http://www.ispconfig.org/ispconfig-3/documentation/

or in the text files (named INSTALL_*.txt) which are inside the docs folder of the .tar.gz file.

------------------------------------------
- Update
------------------------------------------

To update existing ISPConfig 3 installations, run this command on the shell:

ispconfig_update.sh

Select "stable" as the update resource. The script will check if an updated version of ISPConfig 3 is available and then download the tar.gz and start the setup script.

Detailed instructions for making a backup before you update can be found here:

http://www.faqforge.com/linux/contro...e-ispconfig-3/

If the ISPConfig version on your server does not have this script yet, follow the manual update instructions below.

-------------------------------------------
- Manual update instructions
-------------------------------------------

Code:

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q update.php


ngoyette 11th May 2012 16:01

Thank you, patching right now.

keen 11th May 2012 16:24

Thank you for the support. My system seems to stop responding at the following:

Code:

ispconfig3_install/helper_scripts/debian_setup.sh
ispconfig3_install/helper_scripts/setup_in_openvz/
ispconfig3_

The last line is where the update stops. Any help is appreciated!

till 11th May 2012 16:27

That's most likely the shell connection and not the ispconfig updater. Press the return key to continue.

keen 11th May 2012 17:05

Thank you till for your help! Two issues have now presented themselves.

1) ISPConfig is displaying the following warning:

Code:

Server: server1.example.com (Debian Unknown)
ISPConfig 3.0.4.5
State: info (0 unknown, 0 info, 1 warning, 0 critical, 0 error)
ok:
The state of your Hard-Disk space is ok [More...]
Your virus protection is ok [More...]
Your Mail queue load is ok [More...]
Your RAID is ok [More...]
Your Server load is ok [More...]
All needed services are online [More...]
The System Log is O.K. [More...]

warning:
One or more components needs an update [More...]

When I click on "More..." for the components in need of an update, the following is displayed:

Code:

Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be upgraded:
hdparm sudo
2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst sudo [1.8.3p1-1ubuntu3] (1.8.3p1-1ubuntu3.1 Ubuntu:12.04/precise-updates [i386])
Inst hdparm [9.37-0ubuntu3] (9.37-0ubuntu3.1 Ubuntu:12.04/precise-updates [i386])
Conf sudo (1.8.3p1-1ubuntu3.1 Ubuntu:12.04/precise-updates [i386])
Conf hdparm (9.37-0ubuntu3.1 Ubuntu:12.04/precise-updates [i386])

When I return to the server status page, I continue to get the same message as above. When I log into the shell as root, it doesn't inform me there is a need to update.

2) When I try to upload a file to the server via an upload form, I receive a 500 error. Perhaps the PHP/Apache2 limits have been re-instated? After the upgrade, I left all settings "as-is" as to not cause disruption.

Once again, thank you for all the help and the prompt attention.

till 11th May 2012 17:16

1) That's OK, just wait some time. The status for OS updates is refreshed only a few times a day, as we might otherwise overload the repository servers of the distributions.

2) No limits were changed by the update. At least if you haven't edited any of the ispconfig apache config files manually. Take a look into the error.log of the website; you will find the reason for the problem there.

A likely issue might be this one, but that's not configured by ispconfig:

http://www.faqforge.com/linux/fix-ht...-debian-linux/

chrism12 11th May 2012 17:52

still asking me to update
 
I have installed the update on 2 of my servers; however, 1 of them still says it's running version 3.0.4.4 and is asking me to update, while the other has updated successfully.

till 11th May 2012 17:55

Logout and login again. The version number is stored in the user session.

chrism12 11th May 2012 18:22

I have tried that and deleting temp internet files, but it still says 3.0.4.4.

till 11th May 2012 18:25

Check the files /usr/local/ispconfig/server/lib/config.inc.php and /usr/local/ispconfig/interface/lib/config.inc.php. If they contain version number 3.0.4.4, then redo the update on that server. If they contain 3.0.4.5, then the server is up to date.
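
The check described in the last reply, written out as a script (an added example, not part of the thread and not ISPConfig code): it reports whether every given config.inc.php contains the expected version string. The function names and status words are made up for this example; the version is matched as a whole token so that 3.0.4.5 is not confused with 3.0.4.50.

```sh
#!/bin/sh
# Added example: confirm that an ISPConfig update reached both config files.

# has_version FILE VERSION
# Succeeds if FILE contains VERSION as a whole token (not as part of a
# longer dotted number such as 3.0.4.50 or 13.0.4.5).
has_version() {
    pat=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    grep -Eq "(^|[^0-9.])${pat}([^0-9.]|\$)" "$1" 2>/dev/null
}

# ispc_update_state EXPECTED FILE...
# Prints one word and returns a matching status:
#   current (0)  every file contains EXPECTED
#   stale   (1)  no file contains EXPECTED: redo the update
#   partial (2)  only some files contain EXPECTED: redo the update
#   missing (3)  a file is absent or unreadable
ispc_update_state() {
    expected=$1
    shift
    ok=0
    bad=0
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            echo missing
            return 3
        fi
        if has_version "$f" "$expected"; then
            ok=$((ok + 1))
        else
            bad=$((bad + 1))
        fi
    done
    if [ "$bad" -eq 0 ]; then echo current; return 0; fi
    if [ "$ok" -eq 0 ]; then echo stale; return 1; fi
    echo partial
    return 2
}

# Stand-alone use, with the paths named in the thread:
#   sh check.sh 3.0.4.5 \
#       /usr/local/ispconfig/server/lib/config.inc.php \
#       /usr/local/ispconfig/interface/lib/config.inc.php
if [ "$#" -ge 2 ]; then
    ispc_update_state "$@"
fi
```

A result of "partial" means the server and interface parts disagree, which also calls for redoing the update on that machine.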


All times are GMT +2.