Article ID: 2552, created on Oct 29, 2007, last review on Apr 25, 2014

  • Applies to:
  • Pro Control Panel Linux


Knowledge ID 1690
Product : WEBppliance for Linux
Version : 3.1.11
Topic : FAQ

Security Patch : WEBppliance for Linux 3.1.11 (LS)



WEBppliance 3.1.11 LS

WEBppliance 3.1.11 provides a security patch that resolves a zlib buffer overflow vulnerability, a MySQL double-free vulnerability, and multiple xinetd and SquirrelMail vulnerabilities, along with some bug fixes.

Compatibility :

This Patch requires WEBppliance 3.1.10 to be installed on your server.


  • This patch will not install on any version of WEBppliance other than 3.1.10.
  • This upgrade will put your WEBppliance into maintenance mode. It will first disable all of your sites, upgrade the WEBppliance and FILESYSTEMTEMPLATE RPMS and then re-enable your sites to upgrade their file systems.
    This process can take up to several hours depending on how many domains you have, so please schedule your maintenance window for doing this upgrade appropriately.

ISSUES: Some customers have experienced problems with MySQL not restarting during the upgrade. This happens because MySQL's init script does not stop the server fast enough; the start that is called next then fails because it is unable to bind to port 3306. You can see this behaviour in /var/log/mysqld.log. To get around this problem, stop MySQL before you start the upgrade by running: /etc/rc.d/init.d/mysqld stop

This patch fixes the security vulnerabilities listed below:

  • zlib buffer overflow vulnerability, in which output of more than 4096 bytes overflows a buffer.

    zlib-1.1.4 and earlier exhibit this behavior. There are no known exploits of the gzprintf overrun, and only a few programs, including rpm2html and gimp-print, are known to use the gzprintf function. The problem has been fixed by checking the length of the output string within gzprintf.

    Advisory details for the security patch are available at the following URL:

  • MySQL double-free security vulnerability and a root exploit security vulnerability

    A double-free vulnerability in mysqld, for MySQL before version 3.23.55, allows attackers with MySQL access to cause a denial of service (crash) by creating a carefully crafted client application.

    MySQL 3.23.55 and earlier creates world-writable files and allows MySQL users to gain root privileges by using the "SELECT * INTO OUTFILE" operator to overwrite a configuration file and cause MySQL to run as root upon restart.

    Advisory details for the security patch are available at the following URL:

  • Multiple xinetd security vulnerabilities.

    Because of a programming error, memory was allocated and never freed if a connection was refused for any reason. An attacker could exploit this flaw to crash the xinetd server, rendering all services it controls unavailable. In addition, other flaws in xinetd could cause incorrect operation in certain unusual server configurations.

    Advisory details for the security patch are available at the following URL:

  • Multiple SquirrelMail security vulnerabilities.

    Cross-site scripting vulnerabilities in SquirrelMail version 1.2.10 and earlier allow remote attackers to execute script as other Web users via mailbox displays, message displays, or search results displays.

    Advisory details for the security patch are available at the following URL:
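
The zlib fix described above (checking the length of the output string within gzprintf), shown as an added example that is not zlib's or the vendor's code. `checked_printf`, `struct sink` and `sink_write` are hypothetical names; the 4096-byte buffer size is the figure given on this page.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define PRINTF_BUFSIZE 4096   /* buffer size named on this page */

/* Hypothetical stand-in for a compressed-stream writer: it only counts bytes. */
struct sink { size_t written; };

static size_t sink_write(struct sink *s, const char *data, size_t len) {
    (void)data;
    s->written += len;
    return len;
}

/*
 * Vulnerable pattern (for contrast only, not compiled):
 *     char buf[PRINTF_BUFSIZE];
 *     vsprintf(buf, fmt, ap);    -- unbounded: long output runs past buf
 *
 * Hardened pattern: bound the formatting call, then check the resulting
 * length before anything is written. Returns bytes written, 0 if refused.
 */
int checked_printf(struct sink *s, const char *fmt, ...) {
    char buf[PRINTF_BUFSIZE];
    va_list ap;
    int len;

    va_start(ap, fmt);
    len = vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);

    /* len < 0: formatting error; len >= sizeof buf: output did not fit. */
    if (len <= 0 || (size_t)len >= sizeof buf)
        return 0;
    return (int)sink_write(s, buf, (size_t)len);
}

int main(void) {
    struct sink s = {0};
    char big[PRINTF_BUFSIZE + 100];   /* constructed oversized input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    printf("short:     %d\n", checked_printf(&s, "%s=%d", "port", 3306));
    printf("oversized: %d\n", checked_printf(&s, "%s", big));
    printf("written:   %lu\n", (unsigned long)s.written);
    return 0;
}
```

Oversized output is refused outright rather than truncated, so a caller can tell from the 0 return that nothing was written.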


Other Resolved Issues :

  • A problem was reported about Apache exiting every night at exactly the same time after 1hup_apache_logs runs in cron.daily. This problem is now fixed in this version.
  • While restoring a site backup, some files were incorrectly getting root ownership. This problem is now fixed in this version.
  • The site admin could not log in after the site was restored and then disabled and re-enabled. This problem is now fixed in this version.

Installation instructions 

Download site:  (be sure to download using BINARY mode)

To install the patch, please follow the instructions below:

  1. Download the file LS-3.1.11-2.tar.gz
  2. Uncompress the file: 
    tar -xvzf LS-3.1.11-2.tar.gz
  3. Change the current directory to the directory where you have uncompressed the file:
    cd LS-3.1.11-2
  4. Run the following command:
    # sh ./

The install script verifies the current installation of WEBppliance to ensure that it complies with the patch requirements and then upgrades the required RPMs (requires root access). 

This install script will restart the Apache and MySQL services automatically.

