Our Sponsors

Die ISPConfig Entwicklung wird unterstützt von der projektfarm GmbH Lüneburg.

ISPConfig 3.0.5.4 Patch 5 released

Dienstag, Oktober 28, 2014

What’s new in ISPConfig 3.0.5.4p5

This release introduces support for Ubuntu 14.10 and fixes some Bugs.

See changelog link below for a list of all changes that are included in this release.

—————————————————–
– Download
—————————————————–

The software can be downloaded here:

http://prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.5.4p5.tar.gz

————————————
– Changelog
————————————

http://bugtracker.ispconfig.org/index.php?do=index&tasks=&project=3&due=83&status[]=

————————————–
– Known Issues:
————————————–

Please take a look at the bugtracker:

http://bugtracker.ispconfig.org

————————————–
– BUG Reporting
————————————–

Please report bugs to the ISPConfig bugtracking system:

http://bugtracker.ispconfig.org

—————————————-
– Supported Linux Distributions
—————————————-

– Debian Etch (4.0) – Wheezy (7.0) and Debian testing
– Ubuntu 7.10 – 14.10
– OpenSuSE 11 – 13.1
– CentOS 5.2 – 7
– Fedora 9 – 15

—————————————–
– Installation
—————————————–

The installation instructions for ISPConfig can be found here:

http://www.ispconfig.org/ispconfig-3/documentation/

or in the text files (named INSTALL_*.txt) which are inside the docs folder of the .tar.gz file.

——————————————
– Update
——————————————

To update existing ISPConfig 3 installations, run this command on the shell:

ispconfig_update.sh

Select „stable“ as the update resource. The script will check if an updated version of ISPConfig 3 is available and then download the tar.gz and start the setup script.

Detailed instructions for making a backup before you update can be found here:

http://www.faqforge.com/linux/controlpanels/ispconfig3/how-to-update-ispconfig-3/

If the ISPConfig version on your server does not have this script yet, follow the manual update instructions below.

——————————————-
– Manual update instructions
——————————————-

cd /tmp
 wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
 tar xvfz ISPConfig-3-stable.tar.gz
 cd ispconfig3_install/install
 php -q update.php

ISPConfig 3.0.5.4 Patch 2 released

Freitag, August 1, 2014

ISPConfig 3.0.5.4 Patch 2 is available for download. This is a patch release for ISPConfig 3.0.5.4 that fixes some issues that were found in the last version.

http://www.ispconfig…-vulnerability/

CERT Tracking ID: VRF#HYB1YX6V

See changelog link below for a list of all changes that are included in this release.


—————————————————–
– Download
—————————————————–

The software can be downloaded here:

http://prdownloads.s….0.5.4p2.tar.gz

————————————
– Changelog
————————————

http://bugtracker.is…ue=80&status[]=

————————————–
– Known Issues:
————————————–

Please take a look at the bugtracker:

http://bugtracker.ispconfig.org

————————————–
– BUG Reporting
————————————–

Please report bugs to the ISPConfig bugtracking system:

http://bugtracker.ispconfig.org

—————————————-
– Supported Linux Distributions
—————————————-

– Debian Etch (4.0) – Wheezy (7.0) and Debian testing
– Ubuntu 7.10 – 14.04
– OpenSuSE 11 – 13.1
– CentOS 5.2 – 6.5
– Fedora 9 – 15

—————————————–
– Installation
—————————————–

The installation instructions for ISPConfig can be found here:

http://www.ispconfig…/documentation/

or in the text files (named INSTALL_*.txt) which are inside the docs folder of the .tar.gz file.

——————————————
– Update
——————————————

To update existing ISPConfig 3 installations, run this command on the shell:

ispconfig_update.sh

Select „stable“ as the update resource. The script will check if an updated version of ISPConfig 3 is available and then download the tar.gz and start the setup script.

A „reconfigure services“ is not required for this patch update.

Detailed instructions for making a backup before you update can be found here:

http://www.faqforge….te-ispconfig-3/

If the ISPConfig version on your server does not have this script yet, follow the manual update instructions below.

——————————————-
– Manual update instructions
——————————————-

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q update.php

Metasploit has released a vulnerability notice for the ISPConfig project:

http://packetstormse…e/CVE-2013-3629

Short Description

A correctly authenticated ISPconfig server administrator is able to upload language files into ISPConfig on his own server which potentially may contain malicious php code.

Questions and answers

Q: Can someone attack my server trough this exploit remotely?
A: No.

Q: Is this a privilege escalation issue?
A: No.

Q: Can a client or reseller attack my server trough this vulnerability?
A: No.

Q: Is a fix available for this Issue?
A: Yes, a fix is available since september 4th
http://www.ispconfig…ig/patches.html
The patch ID is: 3053_langimport

Q: How can my server be affected by this vulnerability?
A: The only way to misuse this potential vulnerability on an unpatched
server is that the server administrator downloads a language file
from an untrusted source and then uploads this language file into
ISPConfig on his own server after he authenticated himself correctly
as server administrator. So the risk that someone is affected by
this issue at all is very low.

Q: How did you fix it?
A: We implemented a stricter parser for the language files to avoid
that language files with malicious code get written to disk when
uploaded by the administrator. Additionally we added a warning text
to remind the administrator to not upload files from untrusted
sources to his server.

Q: What about the article at PCWorld and the blog from Metasploit?
A: Metasploit and PCWorld published a misleading article about this
potential vulnerability in ISPConfig and some other OS projects
were they claim that we haven’t and even won’t patch this issue while
the issue is indeed patched since Sept 4th.
We informed metasploit about that on Sept 4th. This can be verified
by everyone in our svn log:

Revision 4144 from our SVN stable branch:
svn://svn.ispconfig.org/ispconfig3/branches/ispconfig-3.0.5

The patch was also published on the ISPConfig patch page the same
day. The disclosure was sent to us encrpyted with our pgp key and
also our contact information is linked on every page on the
ispconfig.org website, so the information that we can not be reached
or that the disclosure could not be sent to us securely as stated by
PCWorld is just wrong.

Ubuntu 13.10 Upgrade Warnung

Mittwoch, Oktober 23, 2013

Ubuntu 13.10 wurde vor kurzem veröffentlicht. Diese neue Ubuntu Version verwendet Apache 2.4, was zu verschiedenen Problemen führt da Apache 2.4 eine neue Konfigurationssyntax verwendet. ISPConfig 3.0.5.3 ist noch nicht kompatibel mit Apache 2.4. Wir raten daher von einem Update auf Ubuntu 13.10 ab bis Apache 2.4 in ISPConfig unterstützt wird.

ISPConfig 3.0.5.3 released

Freitag, August 9, 2013

ISPConfig 3.0.5.3 is available for download. This release is a bugfix release for ISPConfig 3.0.5 and contains a important security patch. It is highly recommended to install this update.

Please see security advisory for details:

http://www.ispconfig.org/dev/ispconfig-3-security-advisory-20130808/

For a detailed list of changes, please see the changelog section below.

For a detailed list of changes, please see the changelog section below.

=====================================================
*** New! The ISPConfig 3 manual for ISPConfig 3.0.5 is now available! ***

Version 1.4 for ISPConfig >= 3.0.5 (Date: 02/22/2013)
Author: Falko Timme

373 pages

The manual can be downloaded from these two links:

www.ispconfig.org/ispconfig-3/ispconfig-3-manual/
www.howtoforge.com/download-the-ispconfig-3-manual
=====================================================

Download

The software can be downloaded here:

prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.5.3.tar.gz

Changelog

bugtracker.ispconfig.org/index.php?do=index&tasks=&project=3&due=73&status[]=

Known Issues

Please take a look at the bugtracker:

bugtracker.ispconfig.org

BUG Reporting

Please report bugs to the ISPConfig bugtracking system:

bugtracker.ispconfig.org

Supported Linux Distributions

– Debian Etch (4.0) – Wheezy(7.0) and Debian testing
– Ubuntu 7.10 – 13.04
– OpenSuSE 11 – 12.2
– CentOS 5.2 – 6.3
– Fedora 9 – 15

Installation

The installation instructions for ISPConfig can be found here:

www.ispconfig.org/documentation/

Update

To update existing ISPConfig 3 installations, run this command on the shell:

ispconfig_update.sh

Select „stable“ as the update resource. The script will check if an updated version of ISPConfig 3 is available and then download the tar.gz and start the setup script.

Detailed instructions for making a backup before you update can be found here:

www.faqforge.com/linux/controlpanels/ispconfig3/how-to-update-ispconfig-3/

If the ISPConfig version on your server does not have this script yet, follow the manual update instructions below.

Manual update instructions

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q update.php

ISPConfig 3 Security Advisory 2013/08/08

Donnerstag, August 8, 2013

Summary

A security issue has been found in the sites module which allows customers to create website users
for websites which they do not own from within the ISPConfig interface. This issue requires a valid
ISPConfig client login and the manipulation of http variables. If a client would try to create a
login for a different site, his actions are recorded in the sys_datalog and can be tracked down
by the administrator even if he deletes this login again.

Affected versions

All ISPConfig 3 versions < 3.0.5.3 Mitigation

A hotfix for ISPConfig 3.0.5.2 is available at ispconfig.org:

http://www.ispconfig.org/downloads/ispconfig-hotfix-2013-08-08.zip

This hotfix needs to be applied only to servers with an ISPConfig interface; you do not need to apply this patch on slave servers without an ISPConfig interface.

Installation instructions for the hotfix:

Login to your server as root and execute the following commands:

wget http://www.ispconfig.org/downloads/ispconfig-hotfix-2013-08-08.zip
unzip ispconfig-hotfix-2013-08-08.zip
cd ispconfig-hotfix-2013-08-08/
chmod +x ispconfig-hotfix.sh
./ispconfig-hotfix.sh

Additionally to the hotfix, ISPConfig 3.0.5.3 will be released tomorrow
(August 09. 2013) which fixes this issue as well.

Credit

ISPConfig was notified of this issue by researcher Tim Mishutin ( ISPConfig forum user: Almere )
from SecureHoster (www.securehoster.nl).

ISPConfig 3.0.5.2 released

Donnerstag, März 28, 2013

ISPConfig 3.0.5.2 is available for download. This release is a bugfix release for ISPConfig 3.0.5.

For a detailed list of changes, please see the changelog section below.

=====================================================
*** New! The ISPConfig 3 manual for ISPConfig 3.0.5 is now available! ***

Version 1.4 for ISPConfig >= 3.0.5 (Date: 02/22/2013)
Author: Falko Timme

373 pages

The manual can be downloaded from these two links:

www.ispconfig.org/ispconfig-3/ispconfig-3-manual/
www.howtoforge.com/download-the-ispconfig-3-manual
=====================================================

Download

The software can be downloaded here:

prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.5.2.tar.gz

Changelog

bugtracker.ispconfig.org/index.php?do=index&tasks=&project=3&due=73&status[]=

Known Issues

Please take a look at the bugtracker:

bugtracker.ispconfig.org

BUG Reporting

Please report bugs to the ISPConfig bugtracking system:

bugtracker.ispconfig.org

Supported Linux Distributions

– Debian Etch (4.0) – Squeeze (6.0) and Debian testing
– Ubuntu 7.10 – 12.10
– OpenSuSE 11 – 12.2
– CentOS 5.2 – 6.3
– Fedora 9 – 15

Installation

The installation instructions for ISPConfig can be found here:

www.ispconfig.org/documentation/

Update

To update existing ISPConfig 3 installations, run this command on the shell:

ispconfig_update.sh

Select „stable“ as the update resource. The script will check if an updated version of ISPConfig 3 is available and then download the tar.gz and start the setup script.

Detailed instructions for making a backup before you update can be found here:

www.faqforge.com/linux/controlpanels/ispconfig3/how-to-update-ispconfig-3/

If the ISPConfig version on your server does not have this script yet, follow the manual update instructions below.

Manual update instructions

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q update.php

ISPConfig 3.0.5.1 released

Mittwoch, Februar 27, 2013

ISPConfig 3.0.5.1 is available for download. This release is a bugfix release for ISPConfig 3.0.5.

For a detailed list of changes, please see the changelog section below.

=====================================================
*** New! The ISPConfig 3 manual for ISPConfig 3.0.5 is now available! ***

Version 1.4 for ISPConfig >= 3.0.5 (Date: 02/22/2013)
Author: Falko Timme

373 pages

The manual can be downloaded from these two links:

www.ispconfig.org/ispconfig-3/ispconfig-3-manual/
www.howtoforge.com/download-the-ispconfig-3-manual
=====================================================

Download

The software can be downloaded here:

prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.5.1.tar.gz

Changelog

bugtracker.ispconfig.org/index.php?do=index&tasks=&project=3&due=73&status[]=

Known Issues

Please take a look at the bugtracker:

bugtracker.ispconfig.org

BUG Reporting

Please report bugs to the ISPConfig bugtracking system:

bugtracker.ispconfig.org

Supported Linux Distributions

– Debian Etch (4.0) – Squeeze (6.0) and Debian testing
– Ubuntu 7.10 – 12.10
– OpenSuSE 11 – 12.2
– CentOS 5.2 – 6.3
– Fedora 9 – 15

Installation

The installation instructions for ISPConfig can be found here:

www.ispconfig.org/documentation/

Update

To update existing ISPConfig 3 installations, run this command on the shell:

ispconfig_update.sh

Select „stable“ as the update resource. The script will check if an updated version of ISPConfig 3 is available and then download the tar.gz and start the setup script.

Detailed instructions for making a backup before you update can be found here:

www.faqforge.com/linux/controlpanels/ispconfig3/how-to-update-ispconfig-3/

If the ISPConfig version on your server does not have this script yet, follow the manual update instructions below.

Manual update instructions

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q update.php

ISPConfig 3.0.5 final released

Montag, Februar 25, 2013

ISPConfig 3.0.5 is available for download. This release is a major release of ISPConfig 3.

For a detailed list of changes, please see the changelog section below.

=====================================================
*** New! The ISPConfig 3 manual for ISPConfig 3.0.5 is now available! ***

Version 1.4 for ISPConfig >= 3.0.5 (Date: 02/22/2013)
Author: Falko Timme

373 pages

The manual can be downloaded from these two links:

www.ispconfig.org/ispconfig-3/ispconfig-3-manual/
www.howtoforge.com/download-the-ispconfig-3-manual
=====================================================

What’s new in ISPConfig 3.0.5

– APS package installer. See http://www.apsstandard.org for a list of available packages.
– New web backup system which includes the website databases.
– Mailuser login.
– PHP version selector. Use different PHP versions for different websites.
– Subdomains as virtualhost with separate directory inside the directory tree of the main website without rewriting.
– Support for mod_perl2.
– Improved default theme.
– Global search function.
– PHP-FPM support for Apache servers.
– PHP-FPM mode selector in website options.
– Hardened the website folder structure with new folder protection feature and stricter security settings.
– Maintenance mode.
– Password generator.
– Password confirmation fields.
– Directive snippets for Apache, nginx, and PHP can now be saved and be reused for other websites.
– Forms can be submitted by pressing ENTER (you don’t have to click the Save button anymore).
– Many more minor feature enhancements and bugfixes.
– IDN domains are converted automatically to / from punicode. (requires PHP idn extension from pecl)
– Mail traffic reporting for dovecot servers.

Special thanks to Marius Cramer from www.pixcept.de for his contributions to the 3.0.5 ISPConfig release.

Download

The software can be downloaded here:

prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.5.tar.gz

Changelog

bugtracker.ispconfig.org/index.php?do=index&tasks=&project=3&due=45&status[]=

Known Issues

Please take a look at the bugtracker:

bugtracker.ispconfig.org

BUG Reporting

Please report bugs to the ISPConfig bugtracking system:

bugtracker.ispconfig.org

Supported Linux Distributions

– Debian Etch (4.0) – Squeeze (6.0) and Debian testing
– Ubuntu 7.10 – 12.10
– OpenSuSE 11 – 12.2
– CentOS 5.2 – 6.3
– Fedora 9 – 15

Installation

The installation instructions for ISPConfig can be found here:

www.ispconfig.org/documentation/

Update

To update existing ISPConfig 3 installations, run this command on the shell:

ispconfig_update.sh

Select „stable“ as the update resource. The script will check if an updated version of ISPConfig 3 is available and then download the tar.gz and start the setup script.

Detailed instructions for making a backup before you update can be found here:

www.faqforge.com/linux/controlpanels/ispconfig3/how-to-update-ispconfig-3/

If the ISPConfig version on your server does not have this script yet, follow the manual update instructions below.

Manual update instructions

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q update.php

ISPConfig 3.0.5 RC 1 released for testing

Freitag, Dezember 21, 2012

The release candidate (RC) of the upcoming ISPConfig 3.0.5 is available for download. RC versions are released for testing purposes and should not be installed on production systems.

What’s new in ISPConfig 3.0.5

– APS package installer. See http://www.apsstandard.org for a list of available packages.
– New web backup system which includes the website databases.
– Mailuser login.
– PHP version selector. Use different PHP versions for different websites.
– Subdomains as virtualhost with separate directory inside the directory tree of the main website without rewriting.
– Support for mod_perl2.
– Improved default theme.
– Global search function.
– PHP-FPM support for Apache servers.
– PHP-FPM mode selector in website options.
– Hardened the website folder structure with new folder protection feature and stricter security settings.
– Maintenance mode.
– Password generator.
– Password confirmation fields.
– Directive snippets for Apache, nginx, and PHP can now be saved and be reused for other websites.
– Forms can be submitted by pressing ENTER (you don’t have to click the Save button anymore).
– Many more minor feature enhancements and bugfixes.
– Mail traffic reporting for dovecot servers.

Special thanks to Marius Cramer from www.pixcept.de for his contributions to the 3.0.5 ISPConfig release.

Detailed Changelog

http://bugtracker.ispconfig.org/index.php?do=index&tasks=&project=3&due=45&status[]=

Download

http://www.ispconfig.org/downloads/ISPConfig-3.0.5-rc1.tar.gz

Update instructions

cd /tmp
rm -rf /tmp/ispconfig3_install
wget http://www.ispconfig.org/downloads/ISPConfig-3.0.5-rc1.tar.gz
tar xvfz ISPConfig-3.0.5-rc1.tar.gz
cd ispconfig3_install/install
php -q update.php