AlpineWeb Design Home
Is there a domain name available for you?  
Search: For:   ~ Advanced Search
    Support Home > Hosting > Server Software Updates > 2007

Server Software Update Notification: 07-14-2007

The following updates will be completed 07/18/2007 on all servers:

FreeBSD MPS/VPS v2

Dovecot
The vinstall for the Dovecot email server will be updated to install version 1.0.1. This version introduces several new features, such as new error levels. It also addresses several outstanding issues, such as UID and index inconsistencies. More information about version 1.0.1 can be found here:

http://www.dovecot.org/list/dovecot-news/2007-June/000045.html

Dovecot will be restarted as part of this update. The Dovecot email user mailbox will also be removed. No action needed.

The Dovecot configuration file will also be updated to protect against DoS-style attacks. For those who have not manually modified the configuration file, no action needed. If you have manually modified your /usr/local/etc/dovecot.conf file, to take advantage of this update, edit the file and add the following lines:

login_max_process_count = 30
max_mail_proceses = 50
PHP
The PECL (PHP Extension Community Library) PHP extension repository will be updated to correctly interface with the version-specific PHP extension directories. No action needed.
SpamAssassin
The vinstall for the SpamAssassin mail filter will be updated to install version 3.2.1. This version brings the utility to the most current FreeBSD version and addresses a security issue (CVE-2007-2873) discussed here:

http://spamassassin.apache.org/advisories/cve-2007-2873.txt

This version also addresses issues with false positives, hash entries, zlib, temp directories, and several other issues. More information about version 3.2.1 can be found here:

http://svn.apache.org/repos/asf/spamassassin/branches/3.2/build/announcements/3.2.1.txt

To update existing SpamAssassin installations and keep the current program configuration, connect to your server through SSH and execute the following command from the prompt:

# vinstall spamassassin

Answer "yes" (the default) when prompted with the question "Would you like to overwrite/upgrade your existing installation? [yes]:" Answer "no" (the default) when asked "Would you like to setup Spam Assassin 3.2.1 to process *all* email received by this server now? [no]:" Finally, answer "no" (the default) when asked "Would you like to setup Spam Assassin 3.2.1 to process email for a particular user now? [no]:"
PostgreSQL
The vinstall for the PostgreSQL database management system will be updated to install version 7.4.17. This version addresses a security concern (CVE-2007-2138), discussed here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2138

More information about the security issues and version 7.4.17 can be found here:

http://www.postgresql.org/docs/7.4/static/release.html#RELEASE-7-4-17

The vinstall will also be updated to address issues with startup script paths.

To install PostreSQL, connect to your server through SSH and run the following from the command prompt:

# vinstall postgresql

Follow the onscreen instructions to complete the installation.

Note: To upgrade existing installations, make a backup of all databases, shutdown PostgreSQL, and uninstall the current version before running "vinstall postgresql" (above). For considerations in upgrading between versions of PostgreSQL, including avoiding data loss, see:

http://www.postgresql.org/docs/7.4/static/install-upgrading.html

The vinstall will also be updated to create certain databases at installation time. This update affects the vinstall only. No action needed.
Accrisoft
The Accrisoft Freedom installation process will be updated to better address PHP compatibility. No action needed.
Webmin
The vinstall for the Webmin Web-based interface for system administration for UNIX will be updated to install version 1.350. This update addresses issues with DNS records and radio buttons. More information about version 1.350 can be found here:

http://www.webmin.com/updates.html

If you wish to install Webmin or update existing installations, make a backup of any special configuration, uninstall the utility, then connect to your server through SSH and execute the following from the command prompt:

# vinstall webmin
VIH
The proprietary VIH configuration file editor will be added to the system. This command makes it easy to edit the Apache Web server configuration files through a choice of several text editors. It also makes backups of the configuration files. More information about VIH can be found by connecting to your server through SSH and executing the following from the command prompt:

# vih -h
Perl Module
The proprietary Cmds Perl module will be updated to version 1.7. This version increased the verbosity support of the module. No action needed.
Namazu
The vinstall for the Namazu full-text search system will be updated address error messages. This update affects the vinstall only. No action needed.
GD (Japanese)
The GD (Japanese) dynamic image code library will be updated to version 2.0.35,1. This version brings the utility to the most current version and addresses security issues with infinite loops, integer overflows, and other issues. More information about version 2.0.35,1 of the full gd package can be found here:

http://www.libgd.org/ReleaseNote020035

No action needed.

Signature

Signature Control Panel Mail
The following bugs have been fixed as part of this release:
  • When an email attachment contained the pound # or % symbol, users could not see the attachment in printable view.
  • Files using Japanese language file names could not be opened and displayed correctly.
  • Mail folders that use an ampersand in the file name did not show sub-folders.
  • If you export an address book and then re-import it, the book contents can become garbled. UTF8 encoding did not work when importing an address book.
  • Control panel tabs did not display correctly.
  • Webmail would not display some HTML elements when viewed.
No action needed for any of these items.
File Uploads
Users can type file names in the Upload File utility field to upload files from their local computer (in other words, they do not use the Browse button). If they mis-type the file name, the Signature Control Panel creates an empty file with that name in the selected="selected" directory. The file the user wants is not uploaded, and no error message exists to inform the user that the file is not on the local pc.

Now, users will not be able to upload mis-typed file names (files that do not exist) from their local pc.

No action needed.
NoteNote: This notification could include technical inaccuracies or typographical errors. Changes can be made to the information herein; these changes will be distributed in new notifications. AlpineWeb might make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time.


image


image
Authorized viaVerio Reseller         Authorize.net         Miva Certified Business Partner