Our Sponsors

Die ISPConfig Entwicklung wird unterstützt von der projektfarm GmbH Lüneburg.

ISPConfig 3.0.5.4p9 released

Dienstag, März 29, 2016 posted by admin

What’s new in ISPConfig 3.0.5.4p9

This release contains an important security fix for an insufficient validation of the PHP version selector.

Scope of the issue: an attacker would require a valid ISPConfig login with access to the web module. The issue affects the ISPConfig interface only, on a multiserver system, only the interface server(s) have to be patched.

Thank you to Timo Boldt https://git.ispconfig.org/u/timo.boldt for reporting this issue!

The fix can be applied by updating to ISPConfig 3.0.5.4p9 or by using the ISPConfig patch tool.

Use the Patch tool

Run the command:

ispconfig_patch

as root user on the shell. Enter the following patch code when requested by the tool:

3054_phpversion

Use the normal ISPConfig update procedure with the ispconfig_update.sh command.

See details at the end of this post.

The „Reconfigure services“ option can be answered with „no“ on servers that run ISPConfig 3.0.5.4p8.

See changelog link below for a list of all changes that are included in this release.

Download

The software can be downloaded here:

http://prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.5.4p9.tar.gz

Changelog

https://git.ispconfig.org/ispconfig/ispconfig3/milestones/50

Known Issues

Please take a look at the bug tracker:

https://git.ispconfig.org/ispconfig/ispconfig3/issues

BUG Reporting

Please report bugs to the ISPConfig bug tracking system:

https://git.ispconfig.org/ispconfig/ispconfig3/issues

Supported Linux Distributions

– Debian Etch (4.0) – Jessie (8.0) and Debian testing
– Ubuntu 7.10 – 15.10
– OpenSuSE 11 – 13.2
– CentOS 5.2 – 8
– Fedora 9 – 15

Installation

The installation instructions for ISPConfig can be found here:

http://www.ispconfig.org/ispconfig-3/documentation/

or in the text files (named INSTALL_*.txt) which are inside the docs folder of the .tar.gz file.

Update

To update existing ISPConfig 3 installations, run this command on the shell:

ispconfig_update.sh

Select „stable“ as the update resource. The script will check if an updated version of ISPConfig 3 is available and then download the tar.gz and start the setup script.

Detailed instructions for making a backup before update can be found here:

http://www.faqforge.com/linux/controlpanels/ispconfig3/how-to-update-ispconfig-3/

If the ISPConfig version on your server does not have this script yet, follow the manual update instructions below.

Manual update instructions

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q update.php


Comments are closed.