AlpineWeb Support Home
Is there a domain name available for you?
Search: For:   ~ Advanced Search


How Do You Back Up
Your Computer,
Laptop or Network?

Why Backup?
Features
Backup Plans
Access Your Backup Account
    Support Home > Hosting > Server Software Updates > 2008

Server Software Update Notification: 03-05-2008 - Part 1

Important updates in this Notification:
  • Apache for Linux, v3, v2, v1, and Solaris
  • CPX for Linux, v3, and v2
  • Dovecot for Linux, v3, and v2
  • ClamAV for Linux, v3, and v2
  • SpamAssassin for v3 and v2
  • UW IMAP for v2
  • MySQL 5.x for v3
  • MySQL 4.x for v3 and v2
  • MySQL 3.x for v2 and v1
  • MySQL Check for Linux
  • Ruby for v3
  • Bash for v3
  • ImageMagick for v3
  • OpenSSH for v3
  • gtar for v3
  • PostgreSQL for v3
  • WordPress for v3
The following updates (or “dist”) will be completed 3/5/2008 on all servers:

Linux MPS/VPS:

Apache
The Apache Web server will be updated to address cross-site scripting security issues. The security issues resolved include CVE-2007-6388 and CVE-2007-5000, discussed here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000

The security issues are resolved in the official Apache version 2.0.63, however the displayed version remains 2.0.52 for Linux MPS/VPS.

The Web server will be restarted as part of this update. No action needed.
CPX
The CPX: Control Panel server management Web interface will be updated to version 1.5.7. This version greatly improves support for large numbers of users and addresses minor outstanding issues.

The Apache Web server will be restarted as part of this update. No action needed.
SquirrelMail
The vinstall for the SquirrelMail Webmail package will be updated to install version 1.4.13. This version addresses compromises in previous versions. More information about version 1.4.13 can be found here:

http://sourceforge.net/project/shownotes.php?group_id=311&release_id=561668

The vinstall will also be updated to offer several new options. To view possible options, connect to your server through SSH and execute the following from the command prompt:

# vinstall squirrelmail --help

For example, to update existing installations, execute the following from the command prompt:

# vinstall squirrelmail --update
Dovecot
The Dovecot email server will be updated to version 1.0.10. This version addresses a security issue as well as issues with the mbox and maildir formats. More information about version 1.0.10 can be found here:

http://www.dovecot.org/list/dovecot-news/2007-December/000058.html

The Dovecot server will be restarted as part of this update. No action needed.

The vuninstall for Dovecot with the maildir email box format will be updated to address issues with folder locks. This update affects the vuninstall only. No action needed.
ClamAV
The vinstall for ClamAV, a GPL virus scanner, will be updated to install version 0.92.1. This version addresses a possible integer overflow security issue (CVE-2008-0318), discussed here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0318
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0318

More information about version 0.92.1 can be found here:

http://sourceforge.net/project/shownotes.php?release_id=575703&group_id=86638

The ClamAV daemon will be restarted as part of this update. No action needed for existing installations. To install ClamAV, connect to your server through SSH and execute the following from the command prompt:

# vinstall clamav
MySQL Check
A new vinstall called MySQL Check will be added to the system. Using this vinstall will execute the "mysqlcheck" database utility to check, repair, and optimize database tables of MySQL databases (version 4.x and newer). It creates a cron job to repeat the check every two weeks and stores the database password in ~/.my.cnf. To execute this utility, connect to your server through SSH and execute the following from the command prompt:

# vinstall mysqlcheck
Note: The mysqlcheck utility is only available for MySQL version 4.x and newer. Older versions of MySQL do not have this utility.
phpPgAdmin
The vinstall for the phpPgAdmin Web-based administration tool for PostgreSQL will be updated to install version 4.1.3. This version addresses issues with regressions and security. More information about version 4.1.3 can be found here:

http://sourceforge.net/project/shownotes.php?group_id=37132&release_id=522200

To update existing installations, make a backup of your databases and configuration, uninstall the tool, then reinstall phpPgAdmin by connecting to your server through SSH and execute the following from the command prompt:

# vinstall phpPgAdmin


FreeBSD MPS/VPS v3:

Apache 2.x
The Apache Web server version 2.x will be updated to version 2.2.8. This version addresses cross-site scripting security issues, including CVE-2007-6421, CVE-2007-6422, CVE-2007-6388 and CVE-2007-5000, discussed here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000

More information about version 2.2.8 can be found here:

http://www.apache.org/dist/httpd/Announcement2.2.html

The Web server will be restarted as part of this update. No action needed.
Apache 1.3.x
The Apache Web server version 1.3.x will be updated to version 1.3.41. This version addresses cross-site scripting security issues, including CVE-2007-3847, CVE-2007-6388 and CVE-2007-5000, discussed here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000

More information about version 1.3.41 can be found here:

http://www.apache.org/dist/httpd/Announcement1.3.html

The Web server will be restarted as part of this update. No action needed.
CPX
The CPX: Control Panel server management Web interface will be updated to version 1.5.7. This version greatly improves support for large numbers of users and addresses minor outstanding issues.

The Apache Web server will be restarted as part of this update. No action needed.
Dovecot
The vinstall for the Dovecot email server with the maildir email box format will be updated to install version 1.0.10. This version addresses a security issue as well as issues with the mbox and maildir formats. More information about version 1.0.10 can be found here:

http://www.dovecot.org/list/dovecot-news/2007-December/000058.html

The Dovecot server will be restarted as part of this update. No action needed.

The vuninstall for Dovecot with maildir will be updated to address issues with folder locks. This update affects the vuninstall only. No action needed.
SpamAssassin
The vinstall for the SpamAssassin mail filter will be updated to install version 3.2.4_1. This version addresses issues with plugins and several other issues. More information about version 3.2.4_1 can be found here:

http://www.freshports.org/commit.php?category=mail&port=p5-Mail-SpamAssassin ...

The SpamAssassin service will be restarted as part of this update. No action needed for existing installations.

To install SpamAssassin, connect to your server through connect to your server through SSH and execute the following from the command prompt:

# vinstall spamassassin

A vuninstall for the SpamAssassin mail filter will be added to the system. To remove the SpamAssassin mail filter, connect to your server through SSH and execute the following command from the prompt:

# vuninstall spamassassin
ClamAV
The vinstall for ClamAV, a GPL virus scanner, will be updated to address issues with the automatic updates and email addresses.

To update existing installations which currently receive repeated bounce messages regarding ClamAV processes, connect to your server through SSH and execute the following from the command prompt:

# vinstall clamav
MySQL 5.x
The vinstall for the MySQL database management system version 5.x will be updated to install version 5.0.51a. This version addresses several issues, including buffer overflow security issues (CVE-2008-0226, CVE-2008-0227), discussed here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0227

More information about MySQL 5.0.51a can be found here:

http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51a.html

To update existing installations, make a backup of all databases, uninstall the system, and then reinstall by connecting to your server through SSH and executing the following from the command prompt:

# vinstall mysql5.0
MySQL 4.1.x
The vinstall for the MySQL database management system version 4.1.x will be updated to install version 4.1.22. This version addresses several issues, including options, documentation, and outstanding bugs. More information about MySQL 4.1.22 can be found here:

http://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html

To update existing installations, make a backup of all databases, uninstall the system, and then reinstall by connecting to your server through SSH and executing the following from the command prompt:

# vinstall mysql4.1
WordPress
The vinstall for the WordPress blogging utility will be updated to offer language installation options. This update affects the vinstall only. No action needed.
SquirrelMail
The vinstall for the SquirrelMail Webmail package will be updated to install version 1.4.13. This version addresses compromises in previous versions. More information about version 1.4.13 can be found here:

http://sourceforge.net/project/shownotes.php?group_id=311&release_id=561668

The vinstall will also be updated to offer several new options. To view possible options, connect to your server through SSH and execute the following from the command prompt:

# vinstall squirrelmail --help

For example, to update existing installations, execute the following from the command prompt:

# vinstall squirrelmail --update
Portupgrade
The Index-6.db file used by the Portupgrade FreeBSD ports/packages administration and management tool suite will be updated to reflect current packages and dependencies. Some package and port timestamps will also be updated. No action needed.
IO::Compress::Base
The IO::Compress::Base Perl module will be updated to version 2.008. This version brings the module to the most current version and addresses issues with documentation. More information about version 2.008 can be found here:

http://search.cpan.org/src/PMQS/IO-Compress-Base-2.008/Changes

No action needed.
NcFTP
The NcFTP free set of FTP programs will be updated to version 3.2.1. This version addresses several bugs and introduces features. More information about version 3.2.1 can be found here:

http://www.ncftp.com/ncftp/doc/changelog.html

No action needed.
PNG
The libpng reference library will be updated to version 1.2.23_1. This version brings the library to the most current version. More information about version 1.2.23_1 can be found at these pages:

http://www.freshports.org/commit.php?category=graphics&port=png ...

No action needed.
Error
The Error Perl package will be updated to version 0.17.009. This version brings the package to the most current version and addresses issues with exceptions. More information about version 0.17.009 can be found here:

http://search.cpan.org/src/SHLOMIF/Error-0.17009/ChangeLog

No action needed.
Flashpix
The Flashpix OpenSource Toolkit will be updated to version 1.2.0.12_1. This version addresses issues with the port and installation options. More information about 1.2.0.12_1 can be found here:

http://www.freshports.org/commit.php?category=graphics&port=libfpx ...
http://www.freshports.org/commit.php?category=graphics&port=libfpx ...

No action needed.
Ruby
The Ruby object-oriented scripting language with support for the Oniguruma regular expression library will be updated to version 1.8.6.111_1,1. This version brings the language to the most current FreeBSD version and addresses port issues. More information about version 1.8.6.111_1,1 can be found at these pages:

http://www.freshports.org/commit.php?category=lang&port=ruby18 ...
http://www.freshports.org/commit.php?category=lang&port=ruby18 ...

No action needed.
Test::Harness
The Test::Harness Perl module will be updated to version 3.07. This version updates the module and addresses issues with compatibility. More information about version 3.07 can be found here:

http://search.cpan.org/src/ANDYA/Test-Harness-3.07/Changes

No action needed.
Oracle Client Libraries
The FreeBSD Oracle8 client libraries will be updated to version 0.2.0_1. This version brings the libraries to the most current FreeBSD version. More information about version 0.2.0_1 can be found here:

http://www.freshports.org/commit.php?category=databases&port=oracle8-client ...

Note that these libraries are not officially supported by Oracle. No action needed.
Sudo
The sudo (superuser do) utility will be updated to version 1.6.9.12. This version brings the utility to the most current FreeBSD version and addresses issues with commands. More information about version 1.6.9.12 can be found here:

http://www.freshports.org/commit.php?category=security&port=sudo ...

No action needed.
PathTools
The PathTools file specifications module will be updated to version 3.2700. This version brings the utility to the most current version. More information about version 3.2700 can be found here:

http://search.cpan.org/src/KWILLIAMS/PathTools-3.27/Changes

No action needed.
Rsync
Rsync, an open source utility that provides fast incremental file transfer, will be updated to version 2.6.9_2. This version brings the utility to the most current FreeBSD version and addresses issues with symbolic links. More information about version 2.6.9_2 can be found here:

http://www.freshports.org/commit.php?category=net&port=rsync ...

No action needed.
Test::Simple
The Test::Simple Perl module will be updated to version 0.74. This version brings the module to the most current version and addresses issues authorship. More information about version 0.74 can be found here:

http://search.cpan.org/src/MSCHWERN/Test-Simple-0.74/Changes

No action needed.
Vim-lite
The vim-lite editor will be updated to version 7.1.211. This version updates the version and addresses issues with the port itself. More information about version 7.1.211 of the full vim package can be found here:

http://www.freshports.org/commit.php?category=editors&port=vim ...
http://www.freshports.org/commit.php?category=editors&port=vim ...
http://www.freshports.org/commit.php?category=editors&port=vim ...

No action needed.
IO::Socket::SSL
The IO::Socket::SSL class will be updated to version 1.12. This version updates the class and addresses issues with timeouts. More information about version 1.12 can be found here:

http://search.cpan.org/src/SULLR/IO-Socket-SSL-1.12/Changes

No action needed.
OpenLDAP Client
The OpenLDAP client will be updated to version 2.3.40. This version brings the utility to the most current FreeBSD version and addresses issues with the build, documentation, and several other issues. More information about version 2.3.40 can be found here:

http://www.openldap.org/lists/openldap-announce/200712/msg00001.html

No action needed.
Compress::Raw::Zlib
The Compress::Raw::Zlib Perl module will be updated to version 2.008. This version brings the module to the most current version and updates the documentation. More information about version 2.008 can be found here:

http://search.cpan.org/src/PMQS/Compress-Raw-Zlib-2.008/Changes

No action needed.
IO::Compress::Zlib
The IO::Compress::Zlib Perl module will be updated to version 2.008. This version brings the module to the most current version and addresses issues with installation and documentation. More information about version 2.008 can be found here:

http://search.cpan.org/src/PMQS/IO-Compress-Zlib-2.008/Changes

No action needed.
Autoconf
The Autoconf M4 macro package and associated Automake makefile tool will be updated to version 20071109. This version brings the utilities to the most current FreeBSD version. More information about the Autoconf master port can be found here:

http://beta.freshports.org/commit.php?category=devel&port=autoconf-wrapper ...

No action needed.
Compress::Zlib
The Compress::Zlib Perl module will be updated to version 2.008. This version brings the module to the most current version and updates documentation. More information about version 2.008 can be found here:

http://search.cpan.org/src/PMQS/Compress-Zlib-2.008/Changes

No action needed.
libiconv
The libiconv character set conversion library will be updated to version 1.11_1. This version brings the utility to the most current FreeBSD version and introduces support for GNOME 2.20.x. More information about version 1.11_1 can be found here:

http://www.freshports.org/commit.php?category=converters&port=libiconv ...
http://www.freshports.org/commit.php?category=converters&port=libiconv ...

No action needed.
S-Lang
The S-Lang programming library will be updated to version 2.1.3. This version updates the library. More information about version 2.1.3 can be found here:

http://www.freshports.org/commit.php?category=devel&port=libslang2 ...

No action needed.
MOST
The MOST paging program will be updated to version 5.0.0. This version brings the program to the most current version. More information about version 5.0.0 can be found here:

http://www.freshports.org/commit.php?category=sysutils&port=most ...

No action needed.
Bash
GNU Bash (Bourne Again SHell), an implementation of the POSIX.2 shell specification, will be updated to version 3.2.33. This version brings the package to the most current FreeBSD version. More information about version 3.2.33 can be found here:

http://www.freshports.org/commit.php?category=shells&port=bash ...

No action needed.
lftp
The lftp file transfer program will be updated to version 3.6.1. This version brings the utility to the most current FreeBSD version and addresses issues with commands and languages. More information about version 3.6.1 can be found here:

http://www.freshports.org/commit.php?category=ftp&port=lftp ...

No action needed.
pkg-config
The pkg-config installed libraries utility will be updated to version 0.22_1. This version brings the utility to the most current FreeBSD version and addresses issues with configuration. More information about version 0.22_1 can be found here:

http://www.freshports.org/commit.php?category=devel&port=pkg-config ...

No action needed.
Netpbm
The Netpbm graphics software package will be updated to version 10.26.49. This version brings the utility to the most current FreeBSD version. More information about version 10.26.49 can be found here:

http://www.freshports.org/commit.php?category=graphics&port=netpbm ...

No action needed.
FreeType 2
The FreeType 2 portable TrueType font engine will be updated to version 2.3.5. This version brings the utility to the most current FreeBSD version and addresses LCD filtering. More information about version 2.3.5 can be found here:

http://www.freshports.org/commit.php?category=print&port=freetype2 ...

No action needed.
Pixman
The pixman graphics manipulation program will be updated to version 0.9.6. This version brings the program to the most current FreeBSD version. More information about 0.9.6 can be found here:

http://www.freshports.org/commit.php?category=x11&port=pixman ...

No action needed.
Archive::Tar
The Archive::Tar Perl module will be updated to version 1.38. This version brings the module to the most current version. More information about version 1.38 can be found here:

http://search.cpan.org/src/KANE/Archive-Tar-1.38/CHANGES

No action needed.
GnuTLS
The GnuTLS (GNU Transport Layer Security) library will be updated to version 2.0.2_1. This version brings the utility to the most current FreeBSD version and addresses issues with shared libraries. More information about version 2.0.2_1 can be found here:

http://www.freshports.org/commit.php?category=security&port=gnutls ...

No action needed.
KSBA
The KSBA certificates library will be updated to version 1.0.2. This version brings the library to the most current FreeBSD version. More information about version 1.0.2 can be found here:

http://www.freshports.org/commit.php?category=security&port=libksba ...
http://www.freshports.org/commit.php?category=security&port=libksba ...

No action needed.
Pinentry-Curses
The curses-based pinentry entry dialogue utility will be updated to version 0.7.3. This version brings the utility to the most current FreeBSD version. More information about version 0.7.3 of the full pinentry package can be found here:

http://www.freshports.org/commit.php?category=security&port=pinentry ...

No action needed.
compat5x
The compat5x legacy binary libraries will be updated to version 5.4.0.8_9. This version brings the libraries to the most current FreeBSD version. More information about version 5.4.0.8_9 can be found here:

http://www.freshports.org/commit.php?category=misc&port=compat5x ...
http://www.freshports.org/commit.php?category=misc&port=compat5x ...

No action needed.
Dirmngr
The Dirmngr certificate management client will be updated to version 1.0.1. This version brings the utility to the most current FreeBSD version. More information about version 1.0.1 can be found here:

http://www.freshports.org/commit.php?category=security&port=dirmngr ...
http://www.freshports.org/commit.php?category=security&port=dirmngr ...

No action needed.
Net::DNS::Resolver::Programmable
The Net::DNS::Resolver::Programmable class will be updated to version 0.003. This version brings the class to the most current version and addresses issues with builds and the license. More information about version 0.003 can be found here:

http://search.cpan.org/src/JMEHNLE/Net-DNS-Resolver-Programmable-v0.003/CHANGES

No action needed.
ImageMagick
The ImageMagick image processing tools library will be updated to version 6.3.6.9. This version brings the utility to the most current FreeBSD version and addresses support for X11 and tests. More information about version 6.3.6.9 can be found here:

http://www.freshports.org/commit.php?category=graphics&port=ImageMagick ...
http://www.freshports.org/commit.php?category=graphics&port=ImageMagick ...
http://www.freshports.org/commit.php?category=graphics&port=ImageMagick ...

No action needed.
xdm
The xdm X.org display manager will be updated to version 1.1.6_3. This version brings the utility to the most current FreeBSD version and addresses issues with file paths. More information about version 1.1.6_3 can be found here:

http://www.freshports.org/commit.php?category=x11&port=xdm ...

No action needed.
Xterm
The xterm terminal emulator will be updated to version 229_1. This version updates the emulator. More information about version 229_1 can be found here:

http://www.freshports.org/commit.php?category=x11&port=xterm ...

No action needed.
CDialog
The CDialog script-interpreter will be updated to version 1.1.20071028,1. This version brings the utility to the most current FreeBSD version. More information about version 1.1.20070409,1 can be found here:

http://www.freshports.org/commit.php?category=devel&port=cdialog ...
http://invisible-island.net/dialog/CHANGES

No action needed.
Mime-support
The mime-support MIME type package will be updated to version 3.40.1. This version brings the package to the most current version and adds more MIME type support. More information about version 3.40.1 can be found here:

http://packages.debian.org/changelogs/pool/main/m/mime-support/current/changelog

No action needed.
Perl version
The version extension for Perl Version Objects will be updated to version 0.74. This version brings the extension to the most current version. More information about version 0.74 can be found here:

http://search.cpan.org/src/JPEACOCK/version-0.74/Changes

No action needed.
Parse::Syslog
The Parse::Syslog Perl module will be updated to version 1.10. This version brings the module to the most current version. More information about version 1.10 can be found here:

http://search.cpan.org/src/DSCHWEI/Parse-Syslog-1.10/Changes

No action needed.
Net::DNS
The Net::DNS Perl module collection will be updated to version 0.62. This version introduces new methods and addresses several outstanding issues with. More information about version 0.62 can be found here:

http://search.cpan.org/src/OLAF/Net-DNS-0.62/Changes

No action needed.
phpPgAdmin
The vinstall for the phpPgAdmin Web-based administration tool for PostgreSQL will be updated to install version 4.1.3. This version addresses issues with regressions and security. More information about version 4.1.3 can be found here:

http://sourceforge.net/project/shownotes.php?group_id=37132&release_id=522200

To update existing installations, make a backup of your databases and configuration, uninstall the tool, then reinstall phpPgAdmin by connecting to your server through SSH and execute the following from the command prompt:

# vinstall phpPgAdmin
Webmin
The vinstall for the Webmin Web-based interface for system administration for UNIX will be updated to improve installation syntax. This update affects the vinstall only. No action needed.
KornShell
The KornShell (ksh) command and programming language will be updated to version 20071105. This version brings the utility to the most current FreeBSD version. More information about version 20070628 can be found here:

http://www.freshports.org/commit.php?category=shells&port=ksh93 ...

No action needed.
Mhash
The mhash library for hash algorithms will be updated to version 0.9.9. This version brings the library to the most current FreeBSD version and addresses several issues. More information about version 0.9.9 can be found here:

http://www.freshports.org/commit.php?category=security&port=mhash ...

No action needed.
OpenSSH
The portable OpenSSH connectivity tool will be updated to version 4.7.p1_1,1. This version brings the tool to the most recent FreeBSD version. More information about version 4.7.p1_!,1 can be found here:

http://www.freshports.org/commit.php?category=security&port=openssh-portable ...

No action needed.
GNU Tar
The gtar (GNU Tar) archive utility will be updated to version 1.19. This version brings the utility to the most current FreeBSD version. More information about version 1.19 can be found here:

http://www.freshports.org/commit.php?category=archivers&port=gtar ...

No action needed.
t1lib
The t1lib library for Adobe Type 1 fonts will be updated to version 5.1.2,1. This version brings the utility to the most current FreeBSD version. More information about version 5.1.2,1 can be found here:

http://www.freshports.org/commit.php?category=devel&port=t1lib ...

No action needed.
PostgreSQL
The vinstall for the PostgreSQL database management system will be updated to install version 8.2.6. This version addresses several issues, including several security concerns. More information about the security issues and version 8.2.6 can be found here:

http://www.postgresql.org/docs/8.2/static/release-8-2-6.html

To upgrade existing installations, make a backup of all databases, uninstall the system, and then reinstall by connecting to your server through SSH and executing the following from the prompt:

# vinstall postgresql
LibXML2
The LibXML2 C parser library for XML will be updated to version 2.6.31. This version brings the library to the most current version and addresses several issues, including security issues. More information about LibXML2 version 2.6.31 can be found here:

http://xmlsoft.org/news.html

No action needed.
libXfont
The X font library will be updated to version 1.3.1_2,1. This version brings the library to the most current FreeBSD version and addresses a buffer overflow security issue, CVE-2008-0006, discussed here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0006

More information about version 1.3.1_2,1 can be found here:

http://www.freshports.org/commit.php?category=x11-fonts&port=libXfont ...

No action needed.
XML::LibXML
The XML::LibXML Perl module will be updated to version 1.66. This version brings the module to the most current version and addresses issues with Perl support, possible segmentation faults, and several other issues. More information about version 1.66 can be found here:

http://search.cpan.org/src/PAJAS/XML-LibXML-1.66/Changes

No action needed.
XML::LibXSLT
The XML::LibXSLT Perl module was updated to version 1.66. This version brings the module to the most current version. More information about version 1.66 can be found here:

http://search.cpan.org/src/PAJAS/XML-LibXSLT-1.66/Changes

No action needed.


FreeBSD MPS/VPS v2:

Apache 1.3.x
The Apache Web server version 1.3.x will be updated to version 1.3.41. This version addresses cross-site scripting security issues, including CVE-2007-3847, CVE-2007-6388 and CVE-2007-5000, discussed here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000

More information about version 1.3.41 can be found here:

http://www.apache.org/dist/httpd/Announcement1.3.html

The Web server will be restarted as part of this update. No action needed.
CPX
The CPX: Control Panel server management Web interface will be updated to version 1.5.7. This version greatly improves support for large numbers of users and addresses minor outstanding issues.

The Apache Web server will be restarted as part of this update. No action needed.
ClamAV
The vinstall for ClamAV, a GPL virus scanner, will be updated to install version 0.92. This version addresses issues with languages. More information about version 0.92 can be found here:

http://svn.clamav.net/svn/clamav-devel/tags/clamav-0.92/ChangeLog

The ClamAV daemon will be restarted as part of this update. No action needed for existing installations. To install ClamAV, connect to your server through SSH and execute the following from the command prompt:

# vinstall clamav
SpamAssassin
A vuninstall for the SpamAssassin mail filter will be added to the system. To remove the SpamAssassin mail filter, connect to your server through SSH and execute the following command from the prompt:

# vuninstall spamassassin
MySQL 4.1.x
The vinstall for the MySQL database management system version 4.1.x will be updated to install version 4.1.22. This version addresses several issues, including options, documentation, and outstanding bugs. More information about MySQL 4.1.22 can be found here:

http://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html

To update existing installations, make a backup of all databases, uninstall the system, and then reinstall by connecting to your server through SSH and executing the following from the command prompt:

# vinstall mysql4.1
MySQL 3.x
The vinstall for the MySQL database management system version 3.x will be removed from the system. This legacy version is no longer supported by MySQL AB. This affects the vinstall only. Existing installations will not be affected. No action needed.
Dovecot
The vinstall for the Dovecot email server with the maildir email box format will be updated to install version 1.0.10. This version addresses a security issue as well as issues with the mbox and maildir formats. More information about version 1.0.10 can be found here:

http://www.dovecot.org/list/dovecot-news/2007-December/000058.html

The Dovecot server will be restarted as part of this update. No action needed.

The vuninstall for Dovecot with maildir will be updated to address issues with folder locks. This update affects the vuninstall only. No action needed.
LinuxThreads
The LinuxThreads implementation of POSIX pthreads will be updated to version 2.2.3_23. This version brings the utility to the most current FreeBSD version and addresses issues with build issues. More information about version 2.2.3_23 can be found here:

http://www.freshports.org/commit.php?category=devel&port=linuxthreads ...

No action needed.
UW IMAP
The UW IMAP POP3 and IMAP email server will be updated to version 2006i. This version addresses issues with children and esearch extensions. More information about version 2006i can be found here:

http://www.washington.edu/imap/documentation/RELNOTES.html

No action needed.
Webmin
The vinstall for the Webmin Web-based interface for system administration for UNIX will be updated to address syntax issues in instructions. This update affects the vinstall itself only. No action needed.
PostgreSQL
The vinstall for the PostgreSQL database management system will be updated to install version 7.4.19. This version addresses several issues, including security concerns. More information about the security issues and version 7.4.19 can be found here:

http://www.postgresql.org/docs/7.4/static/release.html#RELEASE-7-4-19

To upgrade existing installations, make a backup of all databases, uninstall the system, and then reinstall by connecting to your server through SSH and executing the following from the prompt:

# vinstall postgresql
Note: For considerations in upgrading between versions of PostgreSQL, including avoiding data loss, see:

http://www.postgresql.org/docs/7.4/static/install-upgrading.html


FreeBSD MPS/VPS v1:

Apache 1.3.x
The Apache Web server version 1.3.x will be updated to version 1.3.41. This version addresses cross-site scripting security issues, including CVE-2007-3847, CVE-2007-6388 and CVE-2007-5000, discussed here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000

More information about version 1.3.41 can be found here:

http://www.apache.org/dist/httpd/Announcement1.3.html

The Web server will be restarted as part of this update. No action needed.
MySQL 3.x
The vinstall for the MySQL database management system version 3.x will be removed from the system. This legacy version is no longer supported by MySQL AB. This affects the vinstall only. Existing installations will not be affected. No action needed.


Solaris MPS/VPS v1:

Apache 1.3.x
The Apache Web server version 1.3.x will be updated to version 1.3.41. This version addresses cross-site scripting security issues, including CVE-2007-3847, CVE-2007-6388 and CVE-2007-5000, discussed here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000

More information about version 1.3.41 can be found here:

http://www.apache.org/dist/httpd/Announcement1.3.html

The Web server will be restarted as part of this update. No action needed.
NoteNote: This notification could include technical inaccuracies or typographical errors. Changes can be made to the information herein; these changes will be distributed in new notifications. AlpineWeb might make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time.


image


image
Authorized viaVerio Reseller         Authorize.net         Miva Certified Business Partner