ISPConfig 3.0.5.4p9 released

Dieses Thema im Forum "Allgemein" wurde erstellt von Till, 29. März 2016.

  1. Till

    Till Administrator

    What’s new in ISPConfig 3.0.5.4p9
    This release contains an important security fix for an insufficient validation of the PHP version selector.

    Scope of the issue: an attacker would require a valid ISPConfig login with access to the web module. The issue affects the ISPConfig interface only, on a multiserver system, only the interface server(s) have to be patched.

    Thank you to Timo Boldt https://git.ispconfig.org/u/timo.boldt for reporting this issue!

    The fix can be applied by updating to ISPConfig 3.0.5.4p9 or by using the ISPConfig patch tool.

    Use the Patch tool
    Run the command:

    Code:
    ispconfig_patch
    as root user on the shell. Enter the following patch code when requested by the tool:

    3054_phpversion

    Use the normal ISPConfig update procedure with the ispconfig_update.sh command.
    See details at the end of this post.

    The “Reconfigure services” option can be answered with “no” on servers that run ISPConfig 3.0.5.4p8.

    See changelog link below for a list of all changes that are included in this release.

    Download
    The software can be downloaded here:

    http://prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.5.4p9.tar.gz

    Changelog
    https://git.ispconfig.org/ispconfig/ispconfig3/milestones/50

    Known Issues
    Please take a look at the bug tracker:

    https://git.ispconfig.org/ispconfig/ispconfig3/issues

    BUG Reporting
    Please report bugs to the ISPConfig bug tracking system:

    https://git.ispconfig.org/ispconfig/ispconfig3/issues

    Supported Linux Distributions
    – Debian Etch (4.0) – Jessie (8.0) and Debian testing
    – Ubuntu 7.10 – 15.10
    – OpenSuSE 11 – 13.2
    – CentOS 5.2 – 8
    – Fedora 9 – 15

    Installation
    The installation instructions for ISPConfig can be found here:

    http://www.ispconfig.org/ispconfig-3/documentation/

    or in the text files (named INSTALL_*.txt) which are inside the docs folder of the .tar.gz file.

    Update
    To update existing ISPConfig 3 installations, run this command on the shell:

    Code:
    ispconfig_update.sh
    Select “stable” as the update resource. The script will check if an updated version of ISPConfig 3 is available and then download the tar.gz and start the setup script.

    Detailed instructions for making a backup before update can be found here:

    http://www.faqforge.com/linux/controlpanels/ispconfig3/how-to-update-ispconfig-3/

    If the ISPConfig version on your server does not have this script yet, follow the manual update instructions below.

    Manual update instructions
    Code:
    cd /tmp
    wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
    tar xvfz ISPConfig-3-stable.tar.gz
    cd ispconfig3_install/install
    php -q update.php
     
  2. BlackP

    BlackP New Member

    Hi,
    habe den Patch per ispconfig_patch eingespielt. Wie bekomme ich jetzt aber den ISPConfig Versionshinweis entfernt.

    Danke
     
  3. Till

    Till Administrator

    Wenn Du die Versionsnummer anpassen willst, dann musst Du /usr/local/ispconfig/interface/lib/config.inc.php ändern.
     

Diese Seite empfehlen