Ensim today announces the release of WEBppliance Pro for Linux 3.5.21, a maintenance patch that resolves key issues.
You can upgrade to WEBppliance Pro for Linux version 3.5.21 from version 3.5.20 ONLY.
You can upgrade to WEBppliance Basic for Linux version 3.5.21 from version 3.5.20 ONLY.
WEBppliance Pro for Linux 3.5.21-10 fixes the following security issues:
- Updates fileutils and coreutils packages that close a potential denial of service vulnerability (28653). Advisory details available at: https://rhn.redhat.com/errata/RHSA-2003-309.html.
- When upgrading from 3.1 to 3.5.x the logo on the classic skin looks compressed into a smaller space, but looks normal in the mercury skin (28648).
- Spanish translations on the navbar (in the classic skin) are too long for the frame and do not wrap properly (28409).
- Updates glibc packages that resolve vulnerabilities and address several bugs (28763). Advisory details available at https://rhn.redhat.com/errata/RHSA-2003-309.html.
- Updated PostgreSQL packages correct a buffer overflow in the to_ascii routines (28776). Advisory details available at https://rhn.redhat.com/errata/RHSA-2003-313.html.
- WEBppliance GUI can be remotely restarted by anybody. This is a DoS attack (29408).
- When using mysqlmig.pyc -u option as indicated by WEBppliance Pro upgrade documentation, the user's entries are added 'double encrypted' and thus the passwords are wrong (29004).
- Updated Apache packages that fix a minor security issue (29783). Advisory details available at https://rhn.redhat.com/errata/RHSA-2003-405.html.
- Logrotate is disabled when a siteadmin changes his password (30013).
- Security bug in phpbb power tool (29056). Advisory details available at http://www.phpbb.com/phpBB/viewtopic.php?t=153818.
- Security fix for osCommerce cross site scripting vulnerability (29787). Advisory details available at http://www.oscommerce.com.
- Site admin can gain root access through a kind of trojan with webppliance and webalizer service (29744).
To install or upgrade to WEBppliance Pro for Linux 3.5.21, you need to download WEBppliance 3.5.20-9 from AppXchange onto ServerXchange 3.2.0 or higher, and then install WEBppliance 3.5.20 on your Virtual or Dedicated Server.
To install or upgrade to WEBppliance 3.5.21:
Step 1: Download WEBppliance 3.5.21 from AppXchange
1. Connect to AppXchange, then in the Web Hosting area, click View.
2. In the Select column, select the Linux WEBppliance 3.5.21 check box, then click Add selected items to cart.
3. Click Download.
4. Review the license agreement, then click Agree. Action information and a progress report are displayed. WEBppliance 3.5.21 is downloaded onto your ServerXchange server.
5. Click Done below the progress report. Proceed to Step 2.
Step 2: Install or upgrade to WEBppliance 3.5.21
1. In the Server and Application Manager interface, click Servers on the left navigation bar.
2. Locate the server on which you want to install or upgrade WEBppliance.
3. Click the host name of the server.
4. Click the Applications tab.
5. Select the Install option from the list of menu options displayed under the Applications tab.
6. Locate Linux WEBppliance 3.5.21 and select the corresponding check box in the Select column.
7. Click Next.
8. Select the services and add-ons you want to install or upgrade. If you are upgrading, be sure to select all the services and add-ons currently installed on your existing WEBppliance to ensure they are upgraded properly.
9. Click Next, then click Finish.
When the installation or upgrade is complete, WEBppliance restarts automatically.