Server Software Update Notification: 08-29-2007

• SpamAssassin for v2
• ClamAV for v2
• Dovecot for v2
• CPX for v2
• Apache for v2 and v1
• BIND for v2 and Signature

FreeBSD MPS/VPS v2:

SpamAssassin

The vinstall for the SpamAssassin mail filter will be updated to install version 3.2.1_1. More information about version 3.2.1_1 can be found here:

http://www.freebsd.org/cgi/cvsweb.cgi/ports/mail/p5-Mail-SpamAssassin/

To update existing SpamAssassin installations and keep the current program configuration, connect to your server through SSH and execute the following command from the prompt:

# vinstall spamassassin

Answer "yes" (the default) when prompted with the question "Would you like to overwrite/upgrade your existing installation? [yes]:" Answer "no" (the default) when asked "Would you like to setup Spam Assassin 3.2.1_1 to process *all* email received by this server now? [no]:" Finally, answer "no" (the default) when asked "Would you like to setup Spam Assassin 3.1_1 to process email for a particular user now? [no]:"

ClamAV

The vuninstall for ClamAV, a GPL virus scanner, will be updated to address issues with freshclam cron processes. This update affects the vuninstall only.

The vinstall will be updated to address folder creation and milter messages.

The ClamAV service will be restarted as part of this update. No action needed.

Dovecot

The Dovecot email server will be updated to version 1.0.2. This version addresses issues with the maildir format. More information about version 1.0.2 can be found here:

http://www.dovecot.org/list/dovecot-news/2007-July/000046.html

The Dovecot server will be restarted as part of this update. No action needed.

CPX

The CPX: Control Panel server management Web interface will be updated to address outstanding bugs and issues, including the following:

• Errors when saving changes to tasks
• Long email addresses truncated

Apache

The restart_apache command to restart the Apache Web server will be updated to better handle process IDs and persistent process termination. No action needed.

BIND

The BIND implementation of the DNS protocol will be updated to version 9.4.1-p1. This version addresses a DNS pharming attack, discussed here:

http://www.net-security.org/secworld.php?id=5366

No action needed.

Zend Optimizer

The vuninstall for the Zend Optimizer PHP enhancement utility will be updated to correctly remove all settings from the php.ini configuration file. No action needed.

FreeBSD MPS/VPS v1

Apache

The Apache Web server will be updated to address issues with system-level compatibilities. This update will require a restart of the Web server. No action needed.

Signature

DNS BIND

BIND will be updated to version 9.4.1-P1. This is to answer a security hole related to DNS information security fix. For more information about the security issue related to this enhancement, please see:

http://www.net-security.org/secworld.php?id=5366

No action needed

Webmail

Webmail will be updated so that customers can use a semi-colon or a comma when typing multiple email addresses in the To: field.

No action needed.

Note: This notification could include technical inaccuracies or typographical errors. Changes can be made to the information herein; these changes will be distributed in new notifications. AlpineWeb might make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time.