You are currently browsing the archives for the News category.

Our Sponsors

Die ISPConfig Entwicklung wird unterstützt von der projektfarm GmbH Lüneburg.

Archive for the ‘News’ Category

ISPConfig 3.0.5.4p9 released

Dienstag, März 29, 2016 posted by admin

What’s new in ISPConfig 3.0.5.4p9

This release contains an important security fix for an insufficient validation of the PHP version selector.

Scope of the issue: an attacker would require a valid ISPConfig login with access to the web module. The issue affects the ISPConfig interface only, on a multiserver system, only the interface server(s) have to be patched.

Thank you to Timo Boldt https://git.ispconfig.org/u/timo.boldt for reporting this issue!

The fix can be applied by updating to ISPConfig 3.0.5.4p9 or by using the ISPConfig patch tool.

Use the Patch tool

Run the command:

ispconfig_patch

as root user on the shell. Enter the following patch code when requested by the tool:

3054_phpversion

Use the normal ISPConfig update procedure with the ispconfig_update.sh command.

See details at the end of this post.

The „Reconfigure services“ option can be answered with „no“ on servers that run ISPConfig 3.0.5.4p8.

See changelog link below for a list of all changes that are included in this release.

Download

The software can be downloaded here:

http://prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.5.4p9.tar.gz

Changelog

https://git.ispconfig.org/ispconfig/ispconfig3/milestones/50

Known Issues

Please take a look at the bug tracker:

https://git.ispconfig.org/ispconfig/ispconfig3/issues

BUG Reporting

Please report bugs to the ISPConfig bug tracking system:

https://git.ispconfig.org/ispconfig/ispconfig3/issues

Supported Linux Distributions

– Debian Etch (4.0) – Jessie (8.0) and Debian testing
– Ubuntu 7.10 – 15.10
– OpenSuSE 11 – 13.2
– CentOS 5.2 – 8
– Fedora 9 – 15

Installation

The installation instructions for ISPConfig can be found here:

http://www.ispconfig.org/ispconfig-3/documentation/

or in the text files (named INSTALL_*.txt) which are inside the docs folder of the .tar.gz file.

Update

To update existing ISPConfig 3 installations, run this command on the shell:

ispconfig_update.sh

Select „stable“ as the update resource. The script will check if an updated version of ISPConfig 3 is available and then download the tar.gz and start the setup script.

Detailed instructions for making a backup before update can be found here:

http://www.faqforge.com/linux/controlpanels/ispconfig3/how-to-update-ispconfig-3/

If the ISPConfig version on your server does not have this script yet, follow the manual update instructions below.

Manual update instructions

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q update.php
Kommentare deaktiviert für ISPConfig 3.0.5.4p9 released

How to install PHP 7 as PHP-FPM & FastCGI for ISPConfig 3 on Debian 8

Donnerstag, Dezember 3, 2015 posted by admin

The final version of PHP 7 is available for download on Github and the PHP mirrors now. PHP7 is the next generation of the PHP programming language, it is up to 2 times faster than PHP 5.6 and 14 times faster than PHP 5.0 according to the release notes. The new PHP version is not 100% compatible with PHP 5.x as some deprecated API’s have been removed, so it is a good idea to start testing your web sites for compatibility with this new release. This can be done easily and without affecting all sites on your server by using the multi PHP version feature in ISPConfig 3. The PHP version can be selected in the ISPConfig 3 website settings for each site individually. This feature works with PHP-FPM and FastCGI. This tutorial shows how to build the new PHP 7 as a PHP-FPM and a FastCGI version on a Debian Jessie server. These PHP 7 builds include Zend OPcache.

Read more

https://www.howtofor…hp-7-on-debian/

Kommentare deaktiviert für How to install PHP 7 as PHP-FPM & FastCGI for ISPConfig 3 on Debian 8

The new Nginx Perfect Server tutorial for Ubuntu 15.10 is available at Howtoforge.

This tutorial shows the steps to install an Ubuntu 15.10 (Wiley Werewolf) server with Nginx, PHP, MariaDB, Postfix, pure-ftpd, BIND, Dovecot and ISPConfig 3. ISPConfig 3 is a web hosting control panel that allows you to configure the installed services through a web browser. This setup provides a full hosting server with web, email (inc. spam and antivirus filter), Database, FTP and DNS services.

https://www.howtofor…nd-ispconfig-3/

Kommentare deaktiviert für The Perfect Server – Ubuntu 15.10 (nginx, MySQL, PHP, Postfix, BIND, Dovecot, Pure-FTPD and ISPConfig 3)

Automated ISPConfig 3 installation on Debian and Ubuntu

Donnerstag, Juli 9, 2015 posted by admin

The easy way to deploy ISPConfig 3 on your server is the ispconfig_setup script from servisys. The script is a implementation of the perfect server setup instructions. This HowtoForge tutorial will show you how to use it:

https://www.howtofor…-script-debian/

Kommentare deaktiviert für Automated ISPConfig 3 installation on Debian and Ubuntu

What’s new in ISPConfig 3.0.5.4p6

This release contains 2 important security fixes, solves a problem
in the APS installer and adds support for Debian 8 and Ubuntu 15.04.

It is highly recommended to install this patch release immediately!

The „Reconfigure services“ option can be answered with „no“ on servers
that run ISPConfig 3.0.5.4p5.

See changelog link below for a list of all changes that are included in this release.

Download

The software can be downloaded here:

http://prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.5.4p6.tar.gz

Changelog

http://bugtracker.ispconfig.org/index.php?do=index&tasks=&project=3&due=84&status[]=

Known Issues:

Please take a look at the bugtracker:

http://bugtracker.ispconfig.org

BUG Reporting

Please report bugs to the ISPConfig bugtracking system:

http://bugtracker.ispconfig.org

Supported Linux Distributions

– Debian Etch (4.0) – Wheezy (7.0) and Debian testing
– Ubuntu 7.10 – 15.04
– OpenSuSE 11 – 13.2
– CentOS 5.2 – 8
– Fedora 9 – 15

Installation

The installation instructions for ISPConfig can be found here:

http://www.ispconfig.org/ispconfig-3/documentation/

or in the text files (named INSTALL_*.txt) which are inside the docs folder of the .tar.gz file.

Update

To update existing ISPConfig 3 installations, run this command on the shell:

ispconfig_update.sh

Select „stable“ as the update resource. The script will check if an updated version of ISPConfig 3 is available and then download the tar.gz and start the setup script.

Detailed instructions for making a backup before you update can be found here:

http://www.faqforge.com/linux/controlpanels/ispconfig3/how-to-update-ispconfig-3/

If the ISPConfig version on your server does not have this script yet, follow the manual update instructions below.

Manual update instructions

Code:
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q update.php
Kommentare deaktiviert für ISPConfig 3.0.5.4 Patch 6 has been released (Important security update)

ISPConfig Tutorials für Debian 8 und Ubuntu 15.04

Donnerstag, Mai 7, 2015 posted by admin

Es stehen 2 neue englischsprachige Tutorials für ISPConfig 3 auf Howtoforge zur Verfügung:

The Perfect Server – Ubuntu 15.04 (Vivid Vervet) with Apache, PHP, MySQL, PureFTPD, BIND, Postfix, Dovecot and ISPConfig 3

https://www.howtoforge.com/tutorial/perfect-server-ubuntu-15.04-with-apache-php-myqsl-pureftpd-bind-postfix-doveot-and-ispconfig/

The Perfect Server – Debian 8 Jessie (Apache2, BIND, Dovecot, ISPConfig 3)

https://www.howtoforge.com/tutorial/perfect-server-debian-8-jessie-apache-bind-dovecot-ispconfig-3/

Kommentare deaktiviert für ISPConfig Tutorials für Debian 8 und Ubuntu 15.04

ISPConfig 3.0.5.4 Patch 5 released

Dienstag, Oktober 28, 2014 posted by admin

What’s new in ISPConfig 3.0.5.4p5

This release introduces support for Ubuntu 14.10 and fixes some Bugs.

See changelog link below for a list of all changes that are included in this release.

—————————————————–
– Download
—————————————————–

The software can be downloaded here:

http://prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.5.4p5.tar.gz

————————————
– Changelog
————————————

http://bugtracker.ispconfig.org/index.php?do=index&tasks=&project=3&due=83&status[]=

————————————–
– Known Issues:
————————————–

Please take a look at the bugtracker:

http://bugtracker.ispconfig.org

————————————–
– BUG Reporting
————————————–

Please report bugs to the ISPConfig bugtracking system:

http://bugtracker.ispconfig.org

—————————————-
– Supported Linux Distributions
—————————————-

– Debian Etch (4.0) – Wheezy (7.0) and Debian testing
– Ubuntu 7.10 – 14.10
– OpenSuSE 11 – 13.1
– CentOS 5.2 – 7
– Fedora 9 – 15

—————————————–
– Installation
—————————————–

The installation instructions for ISPConfig can be found here:

http://www.ispconfig.org/ispconfig-3/documentation/

or in the text files (named INSTALL_*.txt) which are inside the docs folder of the .tar.gz file.

——————————————
– Update
——————————————

To update existing ISPConfig 3 installations, run this command on the shell:

ispconfig_update.sh

Select „stable“ as the update resource. The script will check if an updated version of ISPConfig 3 is available and then download the tar.gz and start the setup script.

Detailed instructions for making a backup before you update can be found here:

http://www.faqforge.com/linux/controlpanels/ispconfig3/how-to-update-ispconfig-3/

If the ISPConfig version on your server does not have this script yet, follow the manual update instructions below.

——————————————-
– Manual update instructions
——————————————-

cd /tmp
 wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
 tar xvfz ISPConfig-3-stable.tar.gz
 cd ispconfig3_install/install
 php -q update.php
Kommentare deaktiviert für ISPConfig 3.0.5.4 Patch 5 released

ISPConfig 3.0.5.4 Patch 2 released

Freitag, August 1, 2014 posted by till

ISPConfig 3.0.5.4 Patch 2 is available for download. This is a patch release for ISPConfig 3.0.5.4 that fixes some issues that were found in the last version.

http://www.ispconfig…-vulnerability/

CERT Tracking ID: VRF#HYB1YX6V

See changelog link below for a list of all changes that are included in this release.


—————————————————–
– Download
—————————————————–

The software can be downloaded here:

http://prdownloads.s….0.5.4p2.tar.gz

————————————
– Changelog
————————————

http://bugtracker.is…ue=80&status[]=

————————————–
– Known Issues:
————————————–

Please take a look at the bugtracker:

http://bugtracker.ispconfig.org

————————————–
– BUG Reporting
————————————–

Please report bugs to the ISPConfig bugtracking system:

http://bugtracker.ispconfig.org

—————————————-
– Supported Linux Distributions
—————————————-

– Debian Etch (4.0) – Wheezy (7.0) and Debian testing
– Ubuntu 7.10 – 14.04
– OpenSuSE 11 – 13.1
– CentOS 5.2 – 6.5
– Fedora 9 – 15

—————————————–
– Installation
—————————————–

The installation instructions for ISPConfig can be found here:

http://www.ispconfig…/documentation/

or in the text files (named INSTALL_*.txt) which are inside the docs folder of the .tar.gz file.

——————————————
– Update
——————————————

To update existing ISPConfig 3 installations, run this command on the shell:

ispconfig_update.sh

Select „stable“ as the update resource. The script will check if an updated version of ISPConfig 3 is available and then download the tar.gz and start the setup script.

A „reconfigure services“ is not required for this patch update.

Detailed instructions for making a backup before you update can be found here:

http://www.faqforge….te-ispconfig-3/

If the ISPConfig version on your server does not have this script yet, follow the manual update instructions below.

——————————————-
– Manual update instructions
——————————————-

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q update.php
Kommentare deaktiviert für ISPConfig 3.0.5.4 Patch 2 released

ISPConfig Authenticated Remote Code Execution (CVE-2013-3629)

Donnerstag, Oktober 31, 2013 posted by till

Metasploit has released a vulnerability notice for the ISPConfig project:

http://packetstormse…e/CVE-2013-3629

Short Description

A correctly authenticated ISPconfig server administrator is able to upload language files into ISPConfig on his own server which potentially may contain malicious php code.

Questions and answers

Q: Can someone attack my server trough this exploit remotely?
A: No.

Q: Is this a privilege escalation issue?
A: No.

Q: Can a client or reseller attack my server trough this vulnerability?
A: No.

Q: Is a fix available for this Issue?
A: Yes, a fix is available since september 4th
http://www.ispconfig…ig/patches.html
The patch ID is: 3053_langimport

Q: How can my server be affected by this vulnerability?
A: The only way to misuse this potential vulnerability on an unpatched
server is that the server administrator downloads a language file
from an untrusted source and then uploads this language file into
ISPConfig on his own server after he authenticated himself correctly
as server administrator. So the risk that someone is affected by
this issue at all is very low.

Q: How did you fix it?
A: We implemented a stricter parser for the language files to avoid
that language files with malicious code get written to disk when
uploaded by the administrator. Additionally we added a warning text
to remind the administrator to not upload files from untrusted
sources to his server.

Q: What about the article at PCWorld and the blog from Metasploit?
A: Metasploit and PCWorld published a misleading article about this
potential vulnerability in ISPConfig and some other OS projects
were they claim that we haven’t and even won’t patch this issue while
the issue is indeed patched since Sept 4th.
We informed metasploit about that on Sept 4th. This can be verified
by everyone in our svn log:

Revision 4144 from our SVN stable branch:
svn://svn.ispconfig.org/ispconfig3/branches/ispconfig-3.0.5

The patch was also published on the ISPConfig patch page the same
day. The disclosure was sent to us encrpyted with our pgp key and
also our contact information is linked on every page on the
ispconfig.org website, so the information that we can not be reached
or that the disclosure could not be sent to us securely as stated by
PCWorld is just wrong.

Kommentare deaktiviert für ISPConfig Authenticated Remote Code Execution (CVE-2013-3629)

Ubuntu 13.10 Upgrade Warnung

Mittwoch, Oktober 23, 2013 posted by till

Ubuntu 13.10 wurde vor kurzem veröffentlicht. Diese neue Ubuntu Version verwendet Apache 2.4, was zu verschiedenen Problemen führt da Apache 2.4 eine neue Konfigurationssyntax verwendet. ISPConfig 3.0.5.3 ist noch nicht kompatibel mit Apache 2.4. Wir raten daher von einem Update auf Ubuntu 13.10 ab bis Apache 2.4 in ISPConfig unterstützt wird.

Kommentare deaktiviert für Ubuntu 13.10 Upgrade Warnung