Article ID: 2392, created on Oct 29, 2007, last review on Apr 18, 2012

  • Applies to:
  • Pro Control Panel Linux

AdditionalInformation

View Knowledge
Knowledge ID 1154
Product : WEBppliance for Linux
Version : 3.5.1
Topic : Notifications

Title
WEBppliance Pro for Linux 3.5.1 (LS)

Summary
WEBppliance Pro for Linux 3.5.1 (LS)

Prevention


Details
Solution:

WEBppliance Pro 3.5.1 provides a security patch that resolves the Sendmail and OpenSSL security vulnerability.
It also fixes some of the high priority bugs reported in Webppliance Pro 3.5.0.

Compatibility : 
This Patch requires WEBppliance Pro 3.5.0 to be installed on your server. 

Important:  You can apply the WEBppliance Pro 3.5.1 patch on the WEBppliance Pro 3.5.0 

Fix provided for the following security issues :

  • Sendmail vulnerability that allows local and possibly remote attackers to gain root privileges. 

    There is a vulnerability in Sendmail versions prior to and including 8.12.8. The address parser performs insufficient bounds checking in certain conditions due to a char to int conversion, making it possible for an attacker to take control of the application. Although no exploit currently exists, this issue is probably locally exploitable and may also be remotely exploitable. 

    Advisory details for the security patch are available at the following URL: 
    http://rhn.redhat.com/errata/RHSA-2003-120.html

  • OpenSSL vulnerability that allows a potential timing-based attack and a modified Bleichenbacher attack.

    The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."

    Advisory details for the security patch are available at the following URL: 
    http://rhn.redhat.com/errata/RHSA-2003-101.html

Other Resolved Issues : 

If your WEBppliance has a deleted reseller, this would cause upgrade to fail. This has been corrected in 3.5.1.

  • If your WEBppliance has reseller sites with disabled disk quota, upgrade would fail. This has been corrected in 3.5.1.     
  • Previously, upgrade would stop at the first site that fails upgrade. Upgrade now processes all sites during an upgrade logging info on all sites that fails to upgrade correctly. If any site failed upgrade, WEBppliance doesn't exit Maintenance mode. The user must repair all failed sites, and restart WEBppliance to complete the upgrade.     
  • RedHat 7.3 broke out CGI.pm into the rpm perl-CGI. On an upgrade or a new install of WEBppliance Pro 3.5.0, this RPM isn't installed and perl CGIs are broken because of this. This new RPM is now included in WEBppliance Pro 3.5.1.     
  • Corrects a problem with restoring a backup from some ftp servers.     
  • A missing Appliance Admin email address no longer causes an upgrade to fail. Logging of upgrade has been improved.     
  • Two or more domains with the exact same 1st 30 characters no longer cause upgrade to fail.

Installation Instructions :

Download Site : (be sure to download using BINARY mode)
http://download.swsoft.com/ensim/download/webppliance/linux/pro/3.5.1/

  1. Download the file LS-3.5.1-5.tar.gz
  2. Uncompress the file:    
    tar -xvzf LS-3.5.1-5.tar.gz
  3. Change the current directory to the directory where you have uncompressed the file:
    cd LS-3.5.1-5
  4. Run the following command
    # sh ./patch-install-3.5.1-5.sh

    The install script verifies the current installation of WEBppliance to ensure that it complies with the patch requirements and then upgrades the required RPMs (requires root access). 

    This install script will restart the sendmail and webppliance services automatically.

Attachments


Related Knowledge

Related Links
 
Last ModifiedUsageSatisfiedLast Used
8/20/2004 1:05:17 PM23 10/11/2007 6:23:43 AM

4cc899da08664637a8bc437308d3ddd7 3ccb419cf98083f3bb45808fba8dbc7c 6311ae17c1ee52b36e68aaf4ad066387

Email subscription for changes to this article
Save as PDF