Ensim today announces the release of WEBppliance Pro for Linux 3.5.21, a maintenance patch that resolves key issues.
You can upgrade to WEBppliance Pro for Linux version 3.5.21 from version 3.5.20 ONLY.
WEBppliance Pro for Linux 3.5.21-10 fixes the following security issues:
- Updates fileutils and coreutils packages that close a potential denial of service vulnerability (28653). Advisory details available at: https://rhn.redhat.com/errata/RHSA-2003-309.html.
- When upgrading from 3.1 to 3.5.x, the logo on the classic skin looks compressed into a smaller space, but looks normal in the mercury skin (28648).
- Spanish translations on the navbar (in the classic skin) are too long for the frame and do not wrap properly (28409).
- Updates glibc packages that resolve vulnerabilities and address several bugs (28763). Advisory details available at https://rhn.redhat.com/errata/RHSA-2003-309.html.
- Updated PostgreSQL packages correct a buffer overflow in the to_ascii routines (28776). Advisory details available at https://rhn.redhat.com/errata/RHSA-2003-313.html.
- The WEBppliance GUI can be restarted remotely by anybody, which allows a denial of service (DoS) attack (29408).
- When the mysqlmig.pyc -u option is used as indicated by the WEBppliance Pro upgrade documentation, the user's entries are added 'double encrypted' and thus the passwords are wrong (29004).
- Updated Apache packages that fix a minor security issue (29783). Advisory details available at https://rhn.redhat.com/errata/RHSA-2003-405.html.
- Logrotate is disabled when a siteadmin changes his password (30013).
- Security bug in the phpBB power tool (29056). Advisory details available at http://www.phpbb.com/phpBB/viewtopic.php?t=153818.
- Security fix for osCommerce cross site scripting vulnerability (29787). Advisory details available at http://www.oscommerce.com.
- A site admin can gain root access through a kind of trojan involving the WEBppliance and Webalizer services (29744).
To install the patch, please follow the instructions below:
1. Download the file LS-3.5.21-10.tar.gz from http://download.swsoft.com/ensim/download/webppliance/linux/Pro/3.5.21/
2. Uncompress the file:
tar -xvzf LS-3.5.21-10.tar.gz
3. Change the current directory to the directory where you uncompressed the file.
4. Run the following command:
# sh ./patch-install-3.5.21-10.sh
The install script verifies the current installation of WEBppliance to ensure that it complies with the patch requirements and then upgrades the required RPMs (requires root access).
The install script restarts the WEBppliance services automatically.
For more information about specific security fixes included in this patch, please see the following Related Knowledge: