Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 11th May 2012, 15:30
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,778
Thanks: 821
Thanked 5,332 Times in 4,184 Posts
Default Security update for ISPConfig 3 available

ISPConfig 3.0.4.5 is available for download. This release is a bugfix release for ISPConfig 3.0.4.

This release contains a security patch for an SQL injection vulnerability:

http://bugtracker.ispconfig.org/inde...s&task_id=2221

It is highly recommended to install the 3.0.4.5 update immediately.
If installing the full update is not possible on your server,
then install the patch manually:

Code:
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
mv -f ispconfig3_install/interface/lib/classes/listform.inc.php /usr/local/ispconfig/interface/lib/classes/
For a detailed list of changes, please see the changelog section below.

================================================== ===
*** New! The ISPConfig 3 manual is now available! ***

Version 1.3 for ISPConfig >= 3.0.4 (Date: 10/25/2011)
Author: Falko Timme <ft@falkotimme.com>

333 pages

The manual can be downloaded from these two links:

http://www.ispconfig.org/ispconfig-3...nfig-3-manual/
http://www.howtoforge.com/download-t...onfig-3-manual
================================================== ===

-----------------------------------------------------
- Download
-----------------------------------------------------

The software can be downloaded here:

http://prdownloads.sourceforge.net/i...3.0.4.5.tar.gz

------------------------------------
- Changelog
------------------------------------

http://bugtracker.ispconfig.org/inde...&status[]=

--------------------------------------
- Known Issues:
--------------------------------------

Please take a look at the bugtracker:

http://bugtracker.ispconfig.org

--------------------------------------
- BUG Reporting
--------------------------------------

Please report bugs to the ISPConfig bugtracking system:

http://bugtracker.ispconfig.org

----------------------------------------
- Supported Linux Distributions
----------------------------------------

- Debian Etch (4.0) - Squeeze (6.0) and Debian testing
- Ubuntu 7.10 - 12.04
- OpenSuSE 11 - 12.1
- CentOS 5.2 - 6.2
- Fedora 9 - 15

-----------------------------------------
- Installation
-----------------------------------------

The installation instructions for ISPConfig can be found here:

http://www.ispconfig.org/ispconfig-3/documentation/

or in the text files (named INSTALL_*.txt) which are inside the docs folder of the .tar.gz file.

------------------------------------------
- Update
------------------------------------------

To update existing ISPConfig 3 installations, run this command on the shell:

ispconfig_update.sh

Select "stable" as the update resource. The script will check if an updated version of ISPConfig 3 is available and then download the tar.gz and start the setup script.

Detailed instructions for making a backup before you update can be found here:

http://www.faqforge.com/linux/contro...e-ispconfig-3/

If the ISPConfig version on your server does not have this script yet, follow the manual update instructions below.

-------------------------------------------
- Manual update instructions
-------------------------------------------

Code:
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q update.php
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following 9 Users Say Thank You to till For This Useful Post:
Captain (16th May 2012), edge (11th May 2012), fatbear (13th May 2012), fxs (11th May 2012), Hans (12th May 2012), Nikola (10th June 2012), onastvar (13th May 2012), yoplait (7th June 2012), zbuzanic (11th May 2012)
Sponsored Links
  #2  
Old 11th May 2012, 16:01
ngoyette ngoyette is offline
Member
 
Join Date: Sep 2011
Posts: 41
Thanks: 15
Thanked 1 Time in 1 Post
Default

thank you patching right now
Reply With Quote
  #3  
Old 11th May 2012, 16:24
keen keen is offline
Junior Member
 
Join Date: May 2012
Posts: 18
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Thank you for the support. My system seems to stop responding at the following:

Code:
ispconfig3_install/helper_scripts/debian_setup.sh
ispconfig3_install/helper_scripts/setup_in_openvz/
ispconfig3_
The last line is where the update stops. Any help is appreciated!
Reply With Quote
  #4  
Old 11th May 2012, 16:27
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,778
Thanks: 821
Thanked 5,332 Times in 4,184 Posts
Default

Thats most likely the shell connection and not the ispconfig updater. Press the return key to continue.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
keen (11th May 2012)
  #5  
Old 11th May 2012, 17:05
keen keen is offline
Junior Member
 
Join Date: May 2012
Posts: 18
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Thank you till for your help! Two issue have now presented themselves.

1) ISPConfig is displaying the following warning:

Code:
Server: server1.example.com (Debian Unknown)
ISPConfig 3.0.4.5
State: info (0 unknown, 0 info, 1 warning, 0 critical, 0 error)
ok:
The state of your Hard-Disk space is ok [More...]
Your virus protection is ok [More...]
Your Mail queue load is ok [More...]
Your RAID is ok [More...]
Your Server load is ok [More...]
All needed services are online [More...]
The System Log is O.K. [More...]

warning:
One or more components needs an update [More...]
When I click on "More..." for the components in need of an update, the following is displayed:

Code:
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be upgraded:
hdparm sudo
2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst sudo [1.8.3p1-1ubuntu3] (1.8.3p1-1ubuntu3.1 Ubuntu:12.04/precise-updates [i386])
Inst hdparm [9.37-0ubuntu3] (9.37-0ubuntu3.1 Ubuntu:12.04/precise-updates [i386])
Conf sudo (1.8.3p1-1ubuntu3.1 Ubuntu:12.04/precise-updates [i386])
Conf hdparm (9.37-0ubuntu3.1 Ubuntu:12.04/precise-updates [i386])
When I return to the server status page, I continue to get the same message as above. When I log into the shell as root, it doesn't inform me there is a need to update.

2) When I try to upload a file to the server via an upload form, I receive a 500 error. Perhaps the PHP/Apache2 limits have been re-instated? After the upgrade, I left all settings "as-is" as to not cause disruption.

Once again, than you for all the help and the prompt attention.
Reply With Quote
  #6  
Old 11th May 2012, 17:16
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,778
Thanks: 821
Thanked 5,332 Times in 4,184 Posts
Default

1) Thats ok, just wait some time. The status for os updates is refresehd only a few times a day as we would might overload the repository servers of the distributions otherwise.

2) No limits were changed by the update. At least of you havent edited any of the ispconfig apache config files manually. Take a look into the error.log of the website, you fidn the reason for the problem there.

A likely issue might be this one, but thats not configured by ispconfig:

http://www.faqforge.com/linux/fix-ht...-debian-linux/
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
keen (11th May 2012)
  #7  
Old 11th May 2012, 17:52
chrism12 chrism12 is offline
Junior Member
 
Join Date: Apr 2012
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default still asking me to update

i have installed the update on 2 of my servers however 1 of them still says its running version 3.0.4.4 and is asking me to update while the other has updated sucessfully.
Reply With Quote
  #8  
Old 11th May 2012, 17:55
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,778
Thanks: 821
Thanked 5,332 Times in 4,184 Posts
Default

Logout and login again. The version number is stored in the user session.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #9  
Old 11th May 2012, 18:22
chrism12 chrism12 is offline
Junior Member
 
Join Date: Apr 2012
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

i have tried that and deleting temp internet files but it still says 3.0.4.4
Reply With Quote
  #10  
Old 11th May 2012, 18:25
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,778
Thanks: 821
Thanked 5,332 Times in 4,184 Posts
 
Default

Check the files /usr/local/ispconfig/server/lib/config.inc.php and /usr/local/ispconfig/interface/lib/config.inc.php. If they contain version number 3.0.4.4, then redo the update on that server. If they contain 3.0.4.5, then the server is up to date.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
My Centos is terribly slow Galled Server Operation 9 7th December 2010 15:31
Vhosts...conf not synced to changes crypted General 50 24th April 2010 00:54
Unable to install ISPConfig bdonecker Installation/Configuration 21 26th May 2009 08:20
The system is currently updating the configuration files. warlock General 8 21st February 2009 18:15
HotSaNIC domino Tips/Tricks/Mods 23 6th November 2006 05:19


All times are GMT +2. The time now is 16:41.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.