	Is there a domain name available for you?
	Search: For: ~ Advanced Search

Support Home > Hosting > Server Software Updates > 2007 >

Server Software Notification List Message: 03-27-2007

The following updates will be completed 03/28/2007 on all servers:

Linux MPS/VPS

PHP 4.x

The vinstall for the PHP: Hypertext Preprocessor scripting language for version 4.x will be updated to install version 4.4.6. This version brings the software to the most current 4.x version and addresses several issues including:

Updated PCRE to version 7.0
Fixed segfault in ext/session when register_globals=On
Fixed bugs with cURL
Fixed bugs with multithreading issue
Several other issues

More information about version 4.4.6 can be found at these pages:

Several vulnerabilities and security issues addressed in version 4.4.5 are included in 4.4.6. More information about version 4.4.5 can be found at these pages:

Note that some extensions that used to be included with the installation are now external shared extensions that can be chosen through a toggle-style prompt during the vinstall process. Also, the vinstall was updated to include some Oracle-related extensions that were not previously displayed.

To install PHP or upgrade existing installations to the new 4.x version, connect to your server through SSH and execute the following command from the prompt:

# vinstall php4

PHP 5.x

The vinstall for the PHP: Hypertext Preprocessor scripting language for version 5.x will be updated to install version 5.2.1. This version brings the software to the most current 5.x version and addresses several issues, some dealing with security and vulnerabilities, including:

Fixed possible safe_mode & open_basedir bypasses inside the session extension.
Prevent search engines from indexing the phpinfo() page.
Fixed a number of input processing bugs inside the filter extension.
Fixed unserialize() abuse on 64 bit systems with certain input strings.
Fixed possible overflows and stack corruptions in the session extension.
Fixed an underflow inside the internal sapi_header_op() function.
Fixed possible stack overflows inside zip, imap & sqlite extensions.
Fixed several possible buffer overflows inside the stream filters.
Fixed a possible overflow in the str_replace() function.
Fixed a possible information disclosure inside the wddx extension.
Several other bug and security issues.

More information about version 5.2.1 can be found at these pages:

To install PHP or upgrade existing installations to the new 5.x version, connect to your server through SSH and execute the following command from the prompt:

# vinstall php5

User Groups

The default group membership for the administrative user will be updated to correctly reflect membership in the appropriate administrative group. No action needed.

PostgreSQL

The vinstall for the PostgreSQL database management system will be updated to correct text. This update affects the vinstall only. No action needed.

Squirrelmail

The vinstall for the SquirrelMail Webmail package will be updated to install version 1.4.8-4.0. The vinstall will also be updated to allow for installation per subhost domain and include more information about the installation. This version addresses cross-site scripting vulnerability issues mentioned here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6142

More information about version 1.4.8-4.x can be found here:

https://rhn.redhat.com/errata/RHSA-2007-0022.html

To take advantage of this update, make a backup of your current configuration, uninstall the application, then connect to your server through SSH and execute the following from the command prompt:

# vinstall squirrelmail

t1lib

The t1lib library for Adobe Type 1 fonts will be updated to version 5.1.1.

No action needed.

re2c

The re2c scanner utility version 0.11.2 will be added to the system. This utility is a preprocessor that generates C-based recognizers from regular expressions. More information about re2c can be found here:

http://re2c.org/

No action needed.

FreeBSD MPS/VPS v3:

Apache

The Apache Web server will be updated to version 2.2.4. This version updates the server to the most recent 2.2.x version and addresses several issues with modules, sockets, logging, and several other issues. More information about version 2.2.4 can be found here:

http://www.apache.org/dist/httpd/CHANGES_2.2

The Web server will be restarted as part of this update.

The default Apache Web server configuration file will be updated to include a ServerLimit directive, though it will be commented out by default. No action needed.

The default configuration file will also be updated to set the CustomLog directive to combined . For current configurations, if you wish to use the combined CustomLog format for a given domain, edit the /www/conf/httpd.conf file and edit the CustomLog directive according to the following:

CustomLog path/to/logfile combined

Restart the Web server after making changes to the httpd.conf file to make them effective.

The default configuration file will also be updated to remove several directives duplicated in the SSL virtual host sections. No action needed for this change.

PHP 4.x

Updated PCRE to version 7.0
Fixed segfault in ext/session when register_globals=On
Fixed bugs with cURL
Fixed bugs with multithreading issue
Several other issues

More information about version 4.4.6 can be found at these pages:

Several vulnerabilities and security issues addressed in version 4.4.5 are included in 4.4.6. More information about version 4.4.5 can be found at these pages:

Note that some extensions that used to be included with the installation are now external shared extensions that can be chosen through a toggle-style prompt during the vinstall process.

To install PHP or upgrade existing installations to the new 4.x version, connect to your server through SSH and execute the following command from the prompt:

# vinstall php4

PHP 5.x

Fixed possible safe_mode & open_basedir bypasses inside the session extension.
Prevent search engines from indexing the phpinfo() page.
Fixed a number of input processing bugs inside the filter extension.
Fixed unserialize() abuse on 64 bit systems with certain input strings.
Fixed possible overflows and stack corruptions in the session extension.
Fixed an underflow inside the internal sapi_header_op() function.
Fixed possible stack overflows inside zip, imap & sqlite extensions.
Fixed several possible buffer overflows inside the stream filters.
Fixed a possible overflow in the str_replace() function.
Fixed a possible information disclosure inside the wddx extension.
Several other bug and security issues.

More information about version 5.2.1 can be found at these pages:

To install PHP or upgrade existing installations to the new 5.x version, connect to your server through SSH and execute the following command from the prompt:

# vinstall php5

Package Database

The package database will be refreshed to update dependencies and reflect recent package upgrades and changes, affecting the following packages and files:

	  
XFree86-fontEncodings-4.5.0_1
XFree86-libraries-4.5.0
Xaw3d-1.5E_1
arc-5.21o_1
arj-3.10.22
autoconf-2.13.000227_5
bitstream-vera-1.10_2
compat3x-i386-4.4.20020925
curl-7.16.0_1
cyrus-sasl-2.1.22
db41-4.1.25_4
emacs-21.3_9
expat-2.0.0_1
fontconfig-2.3.2_6,1
freetype2-2.2.1_1
gettext-0.14.5_2
ghostscript-gnu-nox11-7.07_15
gsfonts-8.11_2
imake-4.5.0
ispell-3.2.06_16
ja-groff-1.18.1_10
ja-less+iso-382.262
jasper-1.900.1
javavmwrapper-1.5
jbigkit-1.6
jpeg-6b_4
lcms-1.16_1,1
ldconfig_compat-1.0_8
lha-1.14i_6
libXft-2.1.7_1
libfpx-1.2.0.12
libgcrypt-1.2.4
libgmp-4.2.1_2
libgnugetopt-1.2_1
libgpg-error-1.4
libiconv-1.9.2_2
libksba-1.0.0_1
libltdl-1.5.22_1
libslang-1.4.9
libungif-4.1.4_2
libunrar-3.6.8,1
libxml2-2.6.18
m4-1.4.8_1
mime-support-3.39.1
mpeg2codec-1.2_1
netpbm-10.26.39
openldap-client-2.3.33
p5-File-Temp-0.18
p5-gettext-1.05_1
pico-4.64
pkg-config-0.21
pkgdb.db
png-1.2.14
popt-1.7_2
pth-2.0.7
rc_subr-1.31_1
readline-5.2
ruby-1.8.5.12,1
tiff-3.8.2_1
unzip-5.52_3
unzoo-4.4_2
xfree86-dri-4.5.0
xterm-223

No action needed.

OpenLDAP Client

The OpenLDAP client will be updated to version 2.3.34. This version brings the utility to the most current FreeBSD version and addresses issues with slapd, printing errors, documentation, and several other issues. More information about version 2.3.34 can be found here:

http://www.openldap.org/lists/openldap-announce/200702/msg00000.html

No action needed.

Libunrar

Libunrar, part of RAR: Roshal ARchive data compression software, will be updated to version 3.7.3,1. This version brings the utility to the most current FreeBSD version. More information about version 3.7.3,1 can be found here:

http://www.freshports.org/commit.php?category=archivers&port=libunrar

No action needed.

GD (Japanese)

The GD (Japanese) dynamic image code library will be updated to version 2.0.34,1. This version brings the library to the most current FreeBSD version and addresses issues with the distfile, options, Perl, and several other issues. More information about the changes in version 2.0.34,1 can be found at the following pages:

No action needed.

t1lib

The t1lib library for Adobe Type 1 fonts will be updated to version 5.1.1,1. This version brings the utility to the most current FreeBSD version. More information about version 5.1.1,1 can be found here:

http://www.freshports.org/commit.php?category=devel&port=t1lib

No action needed.

GSSAPI

The GSSAPI Perl module will be updated to version 0.24. This version brings the module to the most current FreeBSD version. More information about version 0.24 can be found here:

http://search.cpan.org/src/AGROLMS/GSSAPI-0.24/Changes

No action needed.

Portupgrade

The Portupgrade FreeBSD ports/packages administration and management tool suite will be updated to version 2.2.6_2,2. This version brings the utility to the most current FreeBSD version. More information about version 2.2.6_2,2 can be found here:

http://www.freshports.org/commit.php?category=ports-mgmt&port=portupgrade

No action needed.

ClamAV

ClamAV, a GPL virus scanner, will be updated to version 0.90_3. This version addresses issues with the milter, configuration, and several other issues. More information about version 0.90_3 can be found at these pages:

No action needed.

ImageMagick

The ImageMagick image processing tools library will be updated to version 6.3.2.0_1. This version brings the utility to the most current FreeBSD version and addresses issues with gs, DPS, and other issues. More information about version 6.3.2.0_1 can be found here:

http://www.freshports.org/commit.php?category=graphics&port=ImageMagick

No action needed.

phpMyAdmin

A vuninstall for the phpMyAdmin MySQL administration tool will be added to the system. To remove phpMyAdmin from your account, connect to your server through SSH and execute the following command at the prompt:

# vuninstall phpmyadmin

Zend Optimizer

The vuninstall for Zend Optimizer will be updated to address problems with errors. This update affects the vuninstall only. No action needed.

pkg_install

The pkg_install package management utility will be updated to version 20060113. This version brings the utility to the most current FreeBSD version and addresses issues with dependencies. More information about version 20060113 can be found at these pages:

The following package management utilities will also be updated to correctly interact with pkg_install:

pkg_add
pkg_create
pkg_delete
pkg_info
pkg_version

No action needed.

Webmin

The vinstall for the Webmin Web-based interface for system administration for UNIX will be updated to install version 1.320. This version addresses issues with user email, status messages, and BIND. More information about version 1.320 can be found here:

http://www.webmin.com/updates.html

If you wish to install Webmin or update existing installations, make a backup of any special configuration, uninstall the utility, then connect to your server through SSH and execute the following from the command prompt:

# vinstall webmin

vaddcert

The proprietary vaddcert command-line utility for certificate management will be updated to address situations with duplicate VirtualHost directive information. No action needed.

Libtool and libltdl

The GNU Libtool generic library support script and its associated libltdl wrapper library will be updated to versions 1.5.22_4 and 1.5.22_2, respectively. These versions bring the utilities to the most current FreeBSD versions and address issues with development.

More information about Libtool version 1.5.22_4 can be found here:

http://www.freshports.org/commit.php?category=devel&port=libtool15

More information about libltdl version 1.5.22_2 can be found here:

http://www.freshports.org/commit.php?category=devel&port=libltdl15

No action needed.

Darts

The Darts: Double-Array Trie System template library will be updated to version 0.31. This version brings the utility to the most current FreeBSD version. More information about version 0.31 can be found here:

http://www.freshports.org/commit.php?category=devel&port=darts

No action needed.

Xterm

The xterm terminal emulator will be updated to version 224. This version brings the utility to the most current version and addresses issues with blinking cursors, control sequences, menus, and several other issues. More information about version 224 can be found here:

http://dickey.his.com/xterm/xterm.log.html#xterm_224

No action needed.

Oracle Client Libraries

The FreeBSD Oracle client libraries version 0.1.1_1 will be added to the system. More information about the libraries can be found here:

http://www.freshports.org/databases/oracle8-client/

Note that these libraries are not officially supported by Oracle. No action needed.

Gawk

The Gawk (GNU awk) search utility will be updated to version 3.1.5. This version updates the utility to the most current FreeBSD version. More information about version 3.1.5 can be found here:

http://www.freshports.org/commit.php?category=lang&port=gawk

No action needed.

FreeBSD MPS/VPS v2

PHP 4.x

Updated PCRE to version 7.0
Fixed segfault in ext/session when register_globals=On
Fixed bugs with cURL
Fixed bugs with multithreading issue
Several other issues

More information about version 4.4.6 can be found at these pages:

Several vulnerabilities and security issues addressed in version 4.4.5 are included in 4.4.6.

More information about version 4.4.5 can be found at these pages:

Note that some extensions that used to be included with the installation are now external shared extensions that can be chosen through a toggle-style prompt during the vinstall process.

To install PHP or upgrade existing installations to the new 4.x version, connect to your server through SSH and execute the following command from the prompt:

# vinstall php4

Mailman

The vinstall for Mailman, the GNU Mailing List Manager, will be updated to address issues with directory permissions. To take advantage of this update, make a backup of your current configuration and lists, uninstall the application, then connect to your server through SSH and execute the following command at the prompt:

# vinstall mailman

phpMyAdmin

A vinstall to install the phpMyAdmin database administration tool (version 2.9.0.2) will be added to the system. A vuninstall to remove phpMyAdmin will also be added to the system. More information about phpMyAdmin can be found here:

http://www.phpmyadmin.net/home_page/index.php

To install phpMyAdmin, connect to your server through SSH and execute the following from the command prompt:

# vinstall phpMyAdmin

Package Database

The package database will be refreshed to update dependencies and reflect recent package upgrades and changes, affecting the following packages and files:

XFree86-fontEncodings-4.5.0_1
XFree86-libraries-4.5.0
Xaw3d-1.5E_1
arc-5.21o_1
arj-3.10.22
autoconf-2.13.000227_5
bitstream-vera-1.10_2
compat3x-i386-4.4.20020925
curl-7.16.0_1
cyrus-sasl-2.1.22
db41-4.1.25_4
emacs-21.3_9
expat-2.0.0_1
fontconfig-2.3.2_6,1
freetype2-2.2.1_1
gettext-0.14.5_2
ghostscript-gnu-nox11-7.07_15
gsfonts-8.11_2
imake-4.5.0
ispell-3.2.06_16
ja-groff-1.18.1_10
ja-less+iso-382.262
jasper-1.900.1
javavmwrapper-1.5
jbigkit-1.6
jpeg-6b_4
lcms-1.16_1,1
ldconfig_compat-1.0_8
lha-1.14i_6
libXft-2.1.7_1
libfpx-1.2.0.12
libgcrypt-1.2.4
libgmp-4.2.1_2
libgnugetopt-1.2_1
libgpg-error-1.4
libiconv-1.9.2_2
libksba-1.0.0_1
libltdl-1.5.22_1
libslang-1.4.9
libungif-4.1.4_2
libunrar-3.6.8,1
libxml2-2.6.18
m4-1.4.8_1
mime-support-3.39.1
mpeg2codec-1.2_1
netpbm-10.26.39
openldap-client-2.3.33
p5-File-Temp-0.18
p5-gettext-1.05_1
pico-4.64
pkg-config-0.21
pkgdb.db
png-1.2.14
popt-1.7_2
pth-2.0.7
rc_subr-1.31_1
readline-5.2
ruby-1.8.5.12,1
tiff-3.8.2_1
unzip-5.52_3
unzoo-4.4_2
xfree86-dri-4.5.0
xterm-223

Ports Collection

The FreeBSD Ports Collection will be updated to address issues with the configuration causing problems with installing ports. No action needed.

OpenLDAP Client

Libunrar

GD (Japanese)

No action needed.

t1lib

ImageMagick

Crypt::SSLeay

The Crypt::SSLeay Perl module version 0.53 will be added to the system. More information about Cypt::SSLeay can be found here:

http://search.cpan.org/dist/Crypt-SSLeay/

No action needed.

URI

The URI Perl module version 1.35 will be added to the system. More information about the URI module can be found here:

http://search.cpan.org/dist/URI/

No action needed.

XSLoader

The XSLoader Perl module version 0.07 will be added to the system. More information about the XSLoader module can be found here:

http://search.cpan.org/dist/XSLoader/

No action needed.

MIME::Base64

The MIME::Base64 Perl module will be updated to version 3.07. This version addresses issues with the makefile. More information about version 3.07 can be found here:

http://search.cpan.org/src/GAAS/MIME-Base64-3.07/Changes

No action needed.

Portupgrade

The Portupgrade FreeBSD ports/packages administration and management tool suite will be updated to version 2.2.2_4,2. This version brings the utility to the most current FreeBSD version. More information about version 2.2.2_4,2 can be found here:

http://www.freshports.org/commit.php?category=ports-mgmt&port=portupgrade

No action needed.

Webmin

pkg_install

The following package management utilities will also be updated to correctly interact with pkg_install:

pkg_add
pkg_create
pkg_delete
pkg_info
pkg_version

No action needed.

chown

The chown file and directory command will be updated to no longer support deprecated syntax, such as the following:

user.group

More information about chown can be found in the online man (or manual) pages.

No action needed.

Quota

The system will be updated to address certain conditions that would cause corruption of quotas when an account was relinked. No action needed.

Signature

Control Panel: The Control Panel will be updated to address issues with opening email folders including Kanji characters to ensure that users can properly name and utilize folders.

No action needed.

Note: This notification could include technical inaccuracies or typographical errors. Changes can be made to the information herein; these changes will be distributed in new notifications. AlpineWeb might make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time.