Article ID: 9100, created on Oct 1, 2010, last review on May 10, 2014

  • Applies to:
  • H-Sphere 3.3

Symptoms

  • PHP 5 version is too old (5.2.12 or less) and contains known vulnerabilities.
  • Apache 2 version is too old (2.2.13) and contains known vulnerabilities.
  • ClamAV version is too old (0.95.2) and contains known vulnerabilities.

Resolution

Update your H-Sphere servers with the newer versions of Apache 2, PHP 5 and ClamAV packaged by Parallels.

Note: For the time being, these packages are available only as private updates.

Use the instructions below to perform a private update.

Important: The instruction steps should be performed in exactly the same order as they are listed.

  1. Update CP Apache 2 on the CP server:
    # sh U33.0P1 cpupdate private

    1. Verify that CP Apache 2 was updated successfully.
      On Linux CP:
      # rpm -qa | grep hsphere-cpanel-apache2
      On FreeBSD CP:
      # pkg_info | grep hsphere-cpanel-apache2

      The output should contain the new version only:
      On Linux CP:
      hsphere-cpanel-apache2-2.2.16-0
      On FreeBSD CP:
      hsphere-cpanel-apache2-2.2.16_0
  2. Decide what physical servers you will update. You might want to update only a few servers at first and test using them in production, and update the rest after testing is successful.
  3. (Necessary only if you don't have a profile with the same settings) Create a new physical server profile, as described at http://hsphere.parallels.com/docs/3.3/admin/html/pserver_profiles.html
    When creating the profile:

      • Select Unix as a base for the profile.
      • Select the Private update (for testing purpose) (-P) checkbox.
      • You may leave the other settings unchanged.

  4. Assign the created (or existing) “private” physical server profile to the servers you want to update as described at http://hsphere.parallels.com/docs/3.3/admin/html/pserver_profiles.html.
  5. Update the servers as described at http://hsphere.parallels.com/docs/3.3/admin/html/updating_box_from_cp.html
  6. When the update is finished, verify that the servers were updated successfully:
    1. At the E.Manager -> Update -> Update Boxes screen, for each updated server, click the server name and read the updater log. Verify that the new versions of the following packages were installed:

      Package                     Linux Version    FreeBSD Version
      hsphere-php5-cgi            5.2.14-0         5.2.14_0
      hsphere-php5-1x             5.2.14-0         5.2.14_0
      hsphere-php5-2x             5.2.14-0         5.2.14_0
      hsphere-php5-pear           5.2.14-0         5.2.14_0
      hsphere-php5-devel          5.2.14-0         5.2.14_0
      hsphere-php5-plugins-1x     5.2.14-0         5.2.14_0
      hsphere-php5-plugins-2x     5.2.14-0         5.2.14_0
      hsphere-php-accelerators    1-6              1_6
      hsphere-apache2-h3.1        2.2.16-0         2.2.16_0
      hsphere-mail-service        5-10             5_10

      Note: If you have not applied any private updates to your 3.3P1 servers before, some other packages may be updated as well.

    2. Check the overall update status at the end of the log.
    3. (Optional) Additionally, you may log in to the updated servers over SSH and issue the following command:
      On Linux servers:
      # rpm -qa | grep <package-name>
      On FreeBSD servers:
      # pkg_info | grep <package-name>
      The output should contain the new versions only.
  7. The ClamAV database format has changed, and mailboxes with antivirus enabled do not accept mail until the database is updated. The database is updated automatically once an hour. You can speed up this update by running freshclam manually:
    # freshclam
    Then restart the ClamAV service:
    On Linux:
    # /etc/init.d/clamd restart
    On FreeBSD:
    # /etc/rc.d/clamd restart
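
The package check from the verification step above can be scripted so that a leftover old version or a missing package is caught on every updated server. This is an added example, not part of the original article or of Parallels' tooling: the function names and the sample listing are constructed, the expected versions are copied from the table above, and each listing line is assumed to begin with name-version as in the article's sample output.

```sh
#!/bin/sh
# Added example, not vendor code. Expected versions come from the table above.
# Usage: rpm -qa  | verify_hsphere_pkgs linux
#        pkg_info | verify_hsphere_pkgs freebsd
# Returns 0 only if every listed package is present at the new version and
# no older copy of it remains; prints STALE/MISSING lines otherwise.
verify_hsphere_pkgs() {
    awk -v os="$1" '
    BEGIN {
        pkgs = "hsphere-php5-cgi hsphere-php5-1x hsphere-php5-2x hsphere-php5-pear"
        pkgs = pkgs " hsphere-php5-devel hsphere-php5-plugins-1x hsphere-php5-plugins-2x"
        n = split(pkgs, php, " ")
        for (i = 1; i <= n; i++) want[php[i]] = "5.2.14-0"
        want["hsphere-php-accelerators"] = "1-6"
        want["hsphere-apache2-h3.1"] = "2.2.16-0"
        want["hsphere-mail-service"] = "5-10"
        # FreeBSD packages separate version and revision with "_" instead of "-"
        if (os == "freebsd") for (p in want) sub(/-/, "_", want[p])
    }
    {
        for (p in want) {
            pre = p "-"
            if (index($1, pre) != 1) continue
            ver = substr($1, length(pre) + 1)
            # The remainder must be a version, not the tail of a longer package name
            if (ver !~ /^[0-9]/) continue
            if (ver == want[p]) ok[p] = 1
            else { printf "STALE %s %s (want %s)\n", p, ver, want[p]; bad = 1 }
        }
    }
    END {
        for (p in want) if (!(p in ok)) { printf "MISSING %s %s\n", p, want[p]; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: a Linux listing where an old mail-service package remains.
# The 5-9 version is made up for illustration only.
sample_listing() {
    for p in php5-cgi php5-1x php5-2x php5-pear php5-devel php5-plugins-1x php5-plugins-2x
    do echo "hsphere-$p-5.2.14-0"; done
    echo "hsphere-php-accelerators-1-6"
    echo "hsphere-apache2-h3.1-2.2.16-0"
    echo "hsphere-mail-service-5-9"
    echo "hsphere-mail-service-5-10"
}
```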
