	Is there a domain name available for you?
	Search: For: ~ Advanced Search

How Do You Back Up
Your Computer,
Laptop or Network?

• Why Backup?
• Features
• Backup Plans
• Access Your Backup Account

Support Home > Hosting > Server Software Updates > 2007

Server Software Update Notification: 07-30-2007

Important updates in this Notification:
New Linux kernel 2.6.18
New version of FreeBSD for v3
Software firewall for v3
UW IMAP for v3
CPX 1.5.4 update for Linux, v3 and v2
Dovecot update for Linux, v3 and v2
SpamAssassin for Linux and v3
ClamAV for Linux and v3
PHP 4.x for Linux and v3
PHP 5.x for Linux and v3
Accrisoft for Linux and v3
Zend Optimizer for Linux and v3
PostgreSQL for Linux and v3

The following updates will be completed 08/01/2007 on all servers:

Linux MPS/VPS

Kernel

The Linux kernel will be updated to version 2.6.18. This version addresses implicit virtual mount points and several other issues. This update will take effect upon the next server reboot. Servers will be rebooted over the next several weeks. Refer to future emails for server-specific reboot information.

CPX

The CPX: Control Panel server management Web interface will be updated to support for the Dovecot email server, including email settings and configurations. CPX will also be updated to better support UTF-8 email encodings.

No action needed; refer to future email announcement for details and documentation.

Dovecot

The vinstall for the Dovecot email server will be updated to install version 1.0.1. This version introduces several new features, such as new error levels. It also addresses several outstanding issues, such as UID and index inconsistencies. More information about version 1.0.1 can be found here:

http://www.dovecot.org/list/dovecot-news/2007-June/000045.html

Dovecot will be restarted as part of this update. The Dovecot email user mailbox will also be removed. No action needed.

The vinstall will also be updated to address compatibility issues with CPX Webmail. This update affects the vinstall only. No action needed.

The Dovecot configuration file will also be updated. For those who have not manually modified the configuration file, no action needed. If you have manually modified your /usr/local/etc/dovecot.conf file, to take advantage of this update, make a backup of any special configurations, remove or delete the file, then connect to your server through SSH and run the following from the command prompt to create an updated default configuration file:

# relink /usr/local/etc/dovecot.conf

SpamAssassin

The vinstall for the SpamAssassin mail filter will be updated to install version 3.2.1. This version brings the utility to the most current FreeBSD version and addresses a security issue (CVE-2007-2873) discussed here:

http://spamassassin.apache.org/advisories/cve-2007-2873.txt

This version also addresses issues with false positives, hash entries, zlib, temp directories, and several other issues. More information about version 3.2.1 can be found here:

http://svn.apache.org/repos/asf/spamassassin/branches/3.2/build/announcements/3.2.1.txt

No action needed for existing installations. To install SpamAssassin, connect to your server through SSH and execute the following command from the prompt:

# vinstall spamassassin

ClamAV

The vinstall for ClamAV, a GPL virus scanner, will be updated to install version 0.90.3. This version brings the utility to the most current stable release and addresses security issues with libclamav. More information about these and other updates in version 0.90.3 can be found here:

http://sourceforge.net/project/shownotes.php?release_id=512356&group_id=86638

The vinstall will also be updated to suppress messages when executing the freshclam utility. No action needed for existing installations. To install ClamAV, connect to your server through SSH and execute the following command from the prompt:

# vinstall clamav

PHP 5.x

The vinstall for the PHP: Hypertext Preprocessor scripting language for version 5.x will be updated to install version 5.2.3. This version brings the software to the most current 5.x version and addresses several security issues (CVE-2007-2872, CVE-2007-2756, and CVE-2007-1900), discussed here:

More information about version 5.2.3 can be found at these pages:

The vinstall will also be updated to recursively select extensions based on their dependencies. Incremental versions of PHP will now have their own corresponding set of extensions. The MySQL extension will be recompiled to address issues with functionality.

To install PHP or upgrade existing installations to the new 5.x version, connect to your server through SSH and execute the following command from the prompt:

# vinstall php5

The PECL (PHP Extension Community Library) PHP extension repository will be updated to correctly interface with the version-specific PHP extension directories. No action needed.

PHP 4.x

The vinstall for the PHP: Hypertext Preprocessor scripting language for version 4.x will be updated to recursively select extensions based on their dependencies. This update affects the vinstall only. No action needed.

The PECL (PHP Extension Community Library) PHP extension repository will be updated to correctly interface with the version-specific PHP extension directories. No action needed.

Accrisoft

The Accrisoft Freedom installation process will be updated to install version 5.7.123a. This version updates the package to the latest version. More information about version 5.7x can be found here:

http://www.accrisoft.com/index.php?src=news&refno=16&category=Hot%20News

The Accrisoft Freedom installation process will also be updated to better address PHP compatibility. No action needed.

Zend Optimizer

The vinstall for the Zend Optimizer PHP enhancement utility will be updated to install version 3.3.0. More information about Zend Optimizer can be found here:

http://www.zend.com/products/zend_optimizer

To update existing installations, connect to your server through SSH and execute the following commands from the prompt:

# vuninstall zendoptimizer
# vinstall zendoptimizer

PostgreSQL

The vinstall for the PostgreSQL database management system will be updated to install version 7.4.17. This version addresses a security concern (CVE-2007-2138), discussed here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2138

More information about the security issues and version 7.4.17 can be found here:

http://www.postgresql.org/docs/7.4/static/release.html#RELEASE-7-4-17

The vinstall will also be updated to address issues with startup script paths.

To install PostreSQL, connect to your server through SSH and run the following from the command prompt:

# vinstall postgresql

Follow the onscreen instructions to complete the installation.

Note: To upgrade existing installations, make a backup of all databases, shutdown PostgreSQL, and uninstall the current version before running "vinstall postgresql" (above). For considerations in upgrading between versions of PostgreSQL, including avoiding data loss, see:

http://www.postgresql.org/docs/7.4/static/install-upgrading.html

The vinstall will also be updated to create certain databases at installation time. This update affects the vinstall only. No action needed.

System Quota Checker

A vuninstall for the proprietary System Quota Checker quota utility will be added to the system. To remove the System Quota Checker from your server, connect to your server through SSH and execute the following from the command prompt:

# vuninstall quotachecker

Procmail

The vinstall to set the Procmail email processing utility as the local delivery agent (LDA) will be updated to address errors and configuration problems. This update affects the vinstall only. No action needed.

The vuninstall to set the Procmail email processing utility as the local delivery agent (LDA) will be removed from the system, since this is the only local delivery agent available for Linux MPS/VPS. No action needed.

phpMyAdmin

The vinstall for the phpMyAdmin database administration tool will be updated to check for needed extensions for PHP 4.x. This update affects the vinstall only. No action needed.

OSSP mm

The OSSP mm memory abstraction library version 1.4.2 will be added to the system. More information about OSSP mm can be found here:

http://www.ossp.org/pkg/lib/mm/

No action needed.

Perl Module

The proprietary Cmds Perl module will be updated to version 1.7. This version increased the verbosity support of the module. No action needed.

MD5

The md5sum (Message-Digest algorithm 5) cryptographic hash function will be linked to "md5" to provide ease-of-use. No action needed.

FreeBSD MPS/VPS v3

FreeBSD

The FreeBSD operating system will be updated to version 6.2. This version introduces several new features such as experimental support for CAPP security even auditing, and addresses several bugs such as DoS vulnerabilities in Sendmail. More information about version 6.2 can be found here:

This update will take effect upon the next server reboot. Servers will be rebooted over the next several weeks. Refer to future emails for server-specific reboot information.

Software Firewall

The ipfilter start/stop control command for the software firewall will be updated to address outstanding functionality issues. To start or stop the software firewall, connect to your server through SSH and execute the following from the command line:

# ipfilter (start/stop)

The firewall will also be updated to open port 10000 (used by Webmin) for levels 1, 2, and 3. No action needed.

CPX

Dovecot

UW IMAP

The UW IMAP POP3 and IMAP email server will be updated to version 2006i. This version addresses issues with children and esearch extensions. More information about version 2006i can be found here:

http://www.washington.edu/imap/documentation/RELNOTES.html

No action needed.

SpamAssassin

ClamAV

The vinstall for ClamAV, a GPL virus scanner, will be updated to install version 0.91. This version addresses issues with anti-phishing, archives, and dependencies. More information about these and other updates in version 0.91 can be found here:

http://sourceforge.net/project/shownotes.php?release_id=522414&group_id=86638

No action needed for existing installations. To install ClamAV, connect to your server through SSH and execute the following command from the prompt:

# vinstall clamav

Apache

The default configuration file for the Apache Web server will be updated to contain more robust VirtualHost configuration examples. This update only affects the default configuration file of newly provisioned servers. No action needed.

PHP 4.x

The PECL (PHP Extension Community Library) PHP extension repository will be updated to correctly interface with the version-specific PHP extension directories. No action needed.

PHP 5.x

The PECL (PHP Extension Community Library) PHP extension repository will be updated to correctly interface with the version-specific PHP extension directories. No action needed.

Accrisoft

Webmin

The vinstall for the Webmin Web-based interface for system administration for UNIX will be updated to install version 1.350. This update addresses issues with DNS records and radio buttons. More information about version 1.350 can be found here:

http://www.webmin.com/updates.html

If you wish to install Webmin or update existing installations, make a backup of any special configuration, uninstall the utility, then connect to your server through SSH and execute the following from the command prompt:

# vinstall webmin

Zend Optimizer

Portupgrade

The Index-6.db file used by the Portupgrade FreeBSD ports/packages administration and management tool suite will be updated to reflect current packages and dependencies. No action needed.

OpenLDAP Client

The OpenLDAP client will be updated to version 2.3.36. This version brings the utility to the most current FreeBSD version and addresses issues with slapd, slapo, and several other issues. More information about version 2.3.36 can be found here:

http://www.openldap.org/lists/openldap-announce/200706/msg00000.html

No action needed.

Namazu

The Namazu full-text search system will be updated to version 2.0.17. This brings the system to the most current FreeBSD version. More information about version 2.0.17 can be found here:

http://www.freshports.org/commit.php?category=databases&port=namazu2 ...

No action needed.

GNU Tar

The gtar (GNU Tar) archive utility will be updated to version 1.17_1. This version brings the utility to the most current FreeBSD version and addresses issues with message catalog directories. More information about version 1.17_1 can be found here:

http://www.freshports.org/commit.php?category=archivers&port=gtar ...

No action needed.

X11 Applications

The X.Org Applications library for the X11 Windows System will be updated to version 7.2. This update replaces the X.Org client library. More information about the X.Org Applications library can be found here:

http://www.x.org/wiki/

No action needed.

X11

The libX11, libXpm, and libXfont libraries for the X11 X Windows System will be updated to the following versions, respectively:

1.1.2,1
3.5.6_1
1.2.8,1

You can find more information about libX11 version 1.1.2,1 here:

More information about libXpm version 3.5.6_1 can be found here:

http://www.freshports.org/commit.php?category=x11&port=libXpm ...

More information about libXfont version 1.2.8,1 can be found here:

http://www.freshports.org/commit.php?category=x11-fonts&port=libXfont ...

No action needed.

Metamail

The vinstall for the metamail email utility will be updated to correctly interact with the X.Org Applications library. This update affects the vinstall only. No action needed.

SquirrelMail

The vinstall for the SquirrelMail Webmail package will be updated to install version 1.4.10a. This version addresses security issues (CVE-2007-1262) discussed here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-20071262

More information about version 1.4.10a can be found here:

http://sourceforge.net/project/shownotes.php?release_id=507362&group_id=311

To install SquirrelMail or update existing installations, make a backup of your current configuration, uninstall the application, then connect to your server through SSH and execute the following from the command prompt:

# vinstall squirrelmail

PostgreSQL

The vinstall for the PostgreSQL database management system version 8 will be updated to install version 8.1.9. This version addresses a security concern (CVE-2007-2138), discussed here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2138

More information about the security issues and version 8.1.9 can be found here:

http://www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-9

The vinstall will also be updated to install the initial database.

To install PostreSQL, connect to your server through SSH and run the following from the command prompt:

# vinstall postgresql

Follow the onscreen instructions to complete the installation.

Note: To upgrade existing installations, make a backup of all databases, shutdown PostgreSQL, and uninstall the current version before running "vinstall postgresql" (above). For considerations in upgrading between versions of PostgreSQL, including avoiding data loss, see:

http://www.postgresql.org/docs/8.1/static/install-upgrading.html

The vinstall will also be updated to create certain databases at installation time. This update affects the vinstall only. No action needed.

file

The file utility will be updated to address a heap overflow security issue, discussed here:

http://security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc

No action needed.

fstat

The fstat file utility will be updated to address issues with directories. No action needed.

sinfo

The sinfo command-line utility will be updated to remove punctuation and improve display of multiple IP addresses. No action needed.

IO::Socket::SSL

The IO::Socket::SSL class will be updated to version 1.07. This version updates the class to the most recent version and addresses issues with socket buffers. More information about version 1.07 can be found here:

http://search.cpan.org/src/SULLR/IO-Socket-SSL-1.07/Changes

No action needed.

JasPer

The JasPer implementation of the JPEG-2000 standard specification will be updated to version 1.900.1_1. This version updates the utility and addresses issues with temp files. More information about version 1.900.1_1 can be found here:

http://www.freshports.org/commit.php?category=graphics&port=jasper ...

No action needed.

GPG

GPG (GNU Privacy Guard or GnuPG) will be updated to version 2.0.4. This version brings the utility to the most current FreeBSD version. More information about version 2.0.4 can be found here:

http://www.freshports.org/commit.php?category=security&port=gnupg ...

No action needed.

Linux compatibility environment

The Linux compatibility environment will be updated to version 4_10. This version removes emulated support for the Linux rpm command. More information about version 4_10 can be found here:

http://www.freshports.org/commit.php?category=emulators&port=linux_base-fc4 ...

No action needed.

Perl Net Class

The Perl Net class will be updated to version 1.21,1. This version brings the class to the most current version. More information about version 1.21,1 can be found here:

http://www.freshports.org/commit.php?category=net&port=p5-Net ...

No action needed.

Perl Module

The proprietary Cmds Perl module will be updated to version 1.7. This version increased the verbosity support of the module. No action needed.

Vim-lite

The vim-lite editor will be updated to version 7.1.18. This version brings the utility to the most current FreeBSD version. More information about version 7.1.18 of the full vim package can be found here:

http://www.freshports.org/commit.php?category=editors&port=vim ...

No action needed.

Bash

GNU Bash (Bourne Again SHell), an implementation of the POSIX.2 shell specification, will be updated to version 3.2.17_2. This version brings the package to the most current FreeBSD version and addresses issues with rbash and prefixes. More information about version 3.2.17_2 can be found here:

No action needed.

OpenGL

The libGL OpenGL library will be updated to version 6.5.3_3. This version updates the library and addresses issues with threads. More information about version 6.5.3_3 can be found here:

No action needed.

XML::SAX

The XML::SAX Perl module will be updated to version 0.16. This version brings the module to the most current FreeBSD version. More information about version 0.16 can be found here:

http://search.cpan.org/src/GRANTM/XML-SAX-0.16/Changes

No action needed.

mutt next generation

The mutt next generation command-line email client will be updated to version 20061125_2. This version brings the utility to the most current FreeBSD version and addresses issues with dependencies. More information about version 20061125_2 can be found here:

http://www.freshports.org/commit.php?category=mail&port=mutt-ng ...

No action needed.

libgpg-error

The libgpg-error library will be updated to version 1.5. This version brings the utility to the most current FreeBSD version. More information about version 1.5 can be found here:

http://www.freshports.org/commit.php?category=security&port=libgpg-error ...

No action needed.

Netpbm

The Netpbm graphics software package will be updated to version 10.26.43. This version brings the utility to the most current FreeBSD version. More information about version 10.26.43 can be found here:

http://www.freshports.org/commit.php?category=graphics&port=netpbm ...

No action needed.

lftp

The lftp file transfer program will be updated to version 3.5.11_1. This version brings the utility to the most current FreeBSD version and addresses issues with the GnuTLS security library. More information about version 3.5.11_1 can be found here:

http://www.freshports.org/commit.php?category=ftp&port=lftp ...

No action needed.

GD (Japanese)

The GD (Japanese) dynamic image code library will be updated to version 2.0.35,1. This version brings the utility to the most current version and addresses security issues with infinite loops, integer overflows, and other issues. More information about version 2.0.35,1 of the full gd package can be found here:

http://www.libgd.org/ReleaseNote020035

No action needed.

cURL

The cURL file transfer utility will be updated to version 7.16.1_1. This version brings the utility to the most current FreeBSD version and addresses issues with the GnuTLS and Libssh2 libraries. More information about version 7.16.1_1 can be found here:

No action needed.

LibXML2 and LibXSLT

The LibXML2 and LibXSLT C parser libraries for XML will be updated to versions 2.6.29 and 1.1.21, respectively. These new versions update the libraries and address issues with portability, the build, documentation, and several other issues. More information about LibXML2 version 2.6.29 can be found here:

http://xmlsoft.org/news.html

More information about LibXSLT version 1.1.21 can be found here:

http://xmlsoft.org/XSLT/news.html

No action needed.

GnuTLS

The GnuTLS (GNU Transport Layer Security) library will be updated to version 1.6.3. This version brings the utility to the most current FreeBSD version and addresses issues with shared libraries. More information about version 1.6.3 can be found here:

http://www.freshports.org/commit.php?category=security&port=gnutls ...

No action needed.

FreeBSD MPS/VPS v2:

CPX: The CPX: Control Panel server management Web interface will be updated to support for the Dovecot email server, including email settings and configurations. CPX will also be updated to better support UTF-8 email encodings.

No action needed; refer to future email announcement for details and documentation.
Dovecot: The vinstall for the Dovecot email server will be updated to address compatibility issues with CPX Webmail. This update affects the vinstall only. No action needed.

Signature

Pear HTML_Table Class: The PEAR HTML_Table Class for PHP 4.x will be added to the system. More information about PEAR can be found at:

http://pear.php.net/packages.php?catpid=10&catname=HTML

Note: This notification could include technical inaccuracies or typographical errors. Changes can be made to the information herein; these changes will be distributed in new notifications. AlpineWeb might make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time.