Server Software Notification List

Server Software Notification List Message - updates for 1/9/2012 to 1/11/2012

2012-01-06T19:20:32Z

Subscribe to Server Software Notification List via email by entering your email address below:

Server Software Notification List Message - updates for 11/7/2011 to 11/16/2011

2011-11-08T21:37:55Z

(Mailing list information, including unsubscription instructions,
is located at the end of this message.)
__

Important updates in this Notification:
The following updates affect popular or important services and programs:
• MySQL (v3)
• ClamAV (v3)
• Spamassassin (v3)
• Apache (v3)
• Sendmail (v3)
• phpMyAdmin (v3)
• OpenSSH (v3)
• OpenSSL (Sig)

---------------------------------
FreeBSD MPS/VPS v3
---------------------------------

This document contains information for the group of server updates (or dist) occurring November 07, 2011 through November 09, 2011 in all datacenters. Until that time, all of the information included in this document is subject to change.

The following updates will be made to the FreeBSD VPS/MPS v3 platform.

Important services to be restarted:
The following services will be restarted by Verio as part of the update:
• apache
• clamav
• spamd
• sshd
• sendmail
• runaway_watcher

Possible Action Needed

The following VPS/MPS v3 updates may require additional attention or action to take advantage of the full benefits of the update. Any possible actions are listed at the end of the individual update information.

* MySQL-5.5.15

The vinstall for MySQL5.5 will be upgraded to version 5.5.15.

To upgrade existing installations of MySQL 5.5.x, connect to your server through SSH and execute the following from the command prompt:
# vinstall mysql5.5

* MySQL-5.1.58

The vinstall for MySQL5.1 will be upgraded to version 5.1.58.

To upgrade existing installations of MySQL 5.1.x, connect to your server through SSH and execute the following from the command prompt:
# vinstall mysql5.1

* phpMyAdmin-3.4.3.2

The vinstall for phpMyAdmin will be upgraded to version 3.4.3.2.

To upgrade existing installations of phpMyAdmin, connect to your server through SSH and execute the following from the command prompt:
# vinstall phpmyadmin

* Postgresql-8.4.8

The vinstall for Postgresql will be upgraded to version 8.4.8.

To upgrade existing installations of Postgresql8, connect to your server through SSH and execute the following from the command prompt:
# vinstall postgresql8

* Spamassassin-3.3.2

Spamassassin will be upgraded to version 3.3.2.

To upgrade Spamassassin, connect to your server through SSH and execute the following from the command prompt:
# vinstall spamassassin

* ClamAV-0.97.2

ClamAV will be upgraded to version 0.97.2. This upgrade fixes problems with the bytecode engine, Safebrowsing detection, hash matcher, and other minor issues.

To upgrade ClamAV, connect to your server through SSH and execute the following from the command prompt:
# vinstall clamav

* Innotop-1.8.0

Innotop will now be available as a vinstall. Innotop replaces mtop for newer versions of MySQL.

To install innotop, connect to your server through SSH and execute the following from the command prompt:
# vinstall innotop

No Action Needed

The following VPS/MPS v3 updates do not require action by customers to take advantage of the full benefits of the update. Some services may be rebooted as part of the update.

* Apache 2.2.20

Apache will be upgraded to version 2.2.20 to address the security vulnerability (CVE-2011-3192) discussed here:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3192

* sendmail 8.14.5

Sendmail will be upgraded to version 8.14.5.

* mod_perl-2.0.5

mod_perl will be upgraded to version 2.0.5

* OpenSSH 5.8p2

OpenSSH will be upgraded to version 5.8p2. This upgrade is required to execute ssh_keygen which may generate a new file on the server.

* lsof 4.85D_1,5

lsof will be upgraded to version 4.85D_1,5.

* GlobalSign SSL

The GlobalSign SSL install will be updated to use the DocumentRoot path as the location for the CSR validation for the domain which the SSL certificate is being installed.

* gpg.conf

New users will now have a .gnupg/gpg.conf file on creation.

* ruby+nopthreads-1.8.7.334,1

Ruby has been repackaged and will be reinstalled to correct missing dependencies.

* Python-2.5.6

Python will be upgraded to version 2.5.6.

-----------------------------
Signature
-----------------------------

This release will be sent to all Signature servers on this schedule:
Sterling, VA DC on 11/10/11
San Jose, CA DC on 11/15/11
Tokyo, JP3 DC on 11/16/11
Tokyo, JP4 DC on 11/16/11

Important services to be restarted:
The following services will be restarted by Verio as part of the update:
• qmail
• dovecot
• proftpd

* Qmail - Rebuild qmail with OpenSSL 0.9.8 for PCI compliance- This is a rebuild of qmail to include OpenSSL 0.9.8 which required a rebuild of OpenLDAP 2.2.18

* Dovecot - Rebuild Dovecot 1.1.7 with OpenSSL 0.9.8 Becomes dovecot-1.1.7a- This is a rebuild of Dovecot 1.1.7 with OpenSSL 0.9.8 for PCI Compliance. This includes a rebuild of OpenLDAP.

* ProFTP - ProFTPd Built With OpenSSL 0.9.8- This is for building ProFTPd with OpenSSL 0.9.8 for PCI compliance.

* Add years 2011-2020 on drop down list on Podcast Manager- Added years 2011 through 2020 in the year dropdown on Podcasting manager.

* Signature - Update Version history to 7.4- This case involves the Version History which appears in the Signature Control Panel. This will be updated once the 7.4 items are finalized.

* Signature: File Restore confirmation message is misspelled- The confirmation message in File restore under Files and Utilities section is “All Files has been restored” when it should be “All Files have been restored”.

* Remove language selector from wordpress disabled screen- Removed language drop-down from the WordPress disabled screen.
Note: The string "You may change the default WordPress language after it has been installed and enabled. " will be updated in the 7.5 Dist.

Reminder: Customers have access to a tool in their Control Panel which enables them to upgrade from MySQL 4 to MySQL 5. We encourage customers to use this tool in order to take advantage of future software updates!

Notices
Document Source
This document was written by:
VERIO, Inc.
1230 North Research Way, Orem, UT 84097

Copyright: 1995-2011 by VERIO Inc. All rights reserved.

Disclaimers

The following paragraph does not apply to the United Kingdom or any country where such provisions are inconsistent with local law: VERIO CORPORATION PROVIDES THIS PUBLICATION “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of expressed or implied warranties in certain transactions; therefore, this statement might not apply to you.

The information included in this document is intended for internal use by Verio, OEM partners, and viaVerio resellers. Printed copies of this document are not controlled. Official form is available from Verio.

This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. VERIO might make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time.

This document might contain reference to, or information about, VERIO products (machines and programs), programming, or services that are not announced in your country. Such references or information must not be construed to mean that VERIO intends to announce such VERIO products, programming, or services in your country.

Trademarks

VERIO and VERIO-related product names are trademarks of VERIO Inc.
All other trademarks in this document are the property of their respective owners.

--
The following information is a reminder of your current mailing
list subscription:

You are subscribed to the following list:
Server Software Notification List

using the following email:
example@example.com

You may automatically unsubscribe from this list at any time by
visiting the following URL:

<http://list.viaverio.com/cgi-dada/mail.cgi/u/ssul/>;

If the above URL is inoperable, make sure that you have copied the
entire address. Some mail readers will wrap a long URL and thus break
this automatic unsubscribe mechanism.

You may also change your subscription by visiting this list's main screen:

<http://list.viaverio.com/cgi-dada/mail.cgi/list/ssul>;

If you're still having trouble, please contact the list owner at:

<mailto:reseller@viaverio.com>;

The following physical address is associated with this mailing list:

Verio Inc
1203 N Research Way
Orem, UT 84097

Mailing List Powered by Dada Mail
http://list.viaverio.com/cgi-dada/mail.cgi/what_is_dada_mail/

Subscribe to Server Software Notification List via email by entering your email address below:

Server Software Notification List Message - updates for 6/14/2011 to 6/22/2011

2011-06-15T21:04:14Z

(Mailing list information, including unsubscription instructions,
is located at the end of this message.)
__

The following updates will be sent out to all servers on the following platform:

------------------------------
Signature
------------------------------

The following dist will be sent out as follows:
Sterling, VA DC on 6/14/2011
San Jose, CA DC on 6/15/2011
Tokyo, JP (JP3) DC on 6/22/2011
Tokyo, JP (JP4) DC on 6/22/2011

* PHP

Upgrade PHP version to 5.2.17. This upgrade contains bug fixes and enhancements. For more information, see: http://www.php.net/ChangeLog-5.php.

* WordPress

Upgrade WordPress to version 3.1. WordPress 3.1 will be available to all new customers at install. All current WordPress customers should upgrade to this version. Since the last time an update was disted, WordPress fixed a critical security bug in the HTML sanitation library. For more information, see: http://wordpress.org/news/2010/12/3-0-4-update/ and http://wordpress.org/news/2011/02/threeone/.

* Counter
Access counter is unable to edit 'index.html' Updated code so that the Counter feature records hits on */* and /index.htm.

* PWD.db Update

Directory /etc/pwd.db includes other account information. Updated code so that the userID is now longer visible in the etc/pwd.db.

*Help Files

Signature 7.2 What is New file. Updated code so that the pertinent visible updates to the 7.2 release are visible in the Version History Report on the Control Panel.

* Hosts.allow

Users ~/etc/hosts.allow does not work. Fixed so that /etc/hosts.allow is now a symlink to ~/etc/hosts.allow.

*Webmail fix

Custom filter (Multibyte char filtering) for “WebMail at field "Cc" - is not empty” does not work. Updated code so that customers can use this filter.
*SSL certs UI fix

Improper graphic in certs UI. Updated code so that the red "x-mark"(error.gif) does not show up when the messages "Private key installed" or "Certificate has been installed" are displayed.

* Email Forward UI fix

Unable to delete email forward address. Updated code so that certain email forward addresses could be deleted.

* SSL key script fix

SSL key generation script was returning 1024 bit csr. Fixed to return 2048 bit csr.

* Intermediate Certificates Added to Dist
RapidSSL Intermediate Certificate
Rapid SSL Intermediate Certificate
VeriSign Intermediate Certificate
GlobalSign Intermediate Certificates

Note: This notification reflects the best knowledge of code and feature updates for this release. Changes may occur and those will be documented in new notifications. These updates may reflect code changes/additions or edits that increase the accuracy of this report. VERIO might make improvements and/or changes in the product(s) and/or the program(s) described here at any time. Verio and the Verio logo are trademarks and/or service marks of Verio Inc. in the United States and other countries. All other names are trademarks or registered marks of their respective owners.

This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected.

--
The following information is a reminder of your current mailing
list subscription:

You are subscribed to the following list:
Server Software Notification List

using the following email:
example@example.com

You may automatically unsubscribe from this list at any time by
visiting the following URL:

<http://list.viaverio.com/cgi-dada/mail.cgi/u/ssul/>;

If the above URL is inoperable, make sure that you have copied the
entire address. Some mail readers will wrap a long URL and thus break
this automatic unsubscribe mechanism.

You may also change your subscription by visiting this list's main screen:

<http://list.viaverio.com/cgi-dada/mail.cgi/list/ssul>;

If you're still having trouble, please contact the list owner at:

<mailto:reseller@viaverio.com>;

The following physical address is associated with this mailing list:

Verio Inc
1203 N Research Way
Orem, UT 84097

Mailing List Powered by Dada Mail
http://list.viaverio.com/cgi-dada/mail.cgi/what_is_dada_mail/

Subscribe to Server Software Notification List via email by entering your email address below:

Server Software Notification List Message - updates for 3/21/2011 to 3/23/2011

2011-03-18T23:08:25Z

(Mailing list information, including unsubscription instructions,
is located at the end of this message.)
__

This document contains information for the group of server updates (or dist) occurring March 21, 2011 through March 23, 2011 in all datacenters. Until that time, all of the information included in this document is subject to change.

Most VPS and MPS updates do not require action by customers to receive the full benefits of the update. Some updates may require action by customers to receive all benefits of the update, but usually this action is optional, such as updating to the latest version of software. Updates for each platform in this document are grouped together according to any (optional) action needed or no action needed, with those updates possibly requiring action listed first.

Important updates in this Notification:

The following updates affect popular or important services and programs:
• ClamAV (Linux and v3)
• PHPMyAdmin (Linux and v3)
• Proftpd (Linux and v3)
• Spamassassin (Linux and v3)
• MySQL (Linux)
• Ports Tree Upgrade (v3)

--------------------------------
Linux VPS/MPS
--------------------------------

The following updates will be made to the Linux VPS/MPS platform.

Important services to be restarted:

The following services will be restarted by Verio as part of the update:
• clamd (ClamAV)
• spamd (Spamassassin)

Possible Action Needed

The following Linux VPS/MPS updates may require additional attention or action to take advantage of the full benefits of the update. Any possible actions are listed at the end of the individual update information.

* Squirrelmail-1.4.21

Squirrelmail will be upgraded to version 1.4.21.

To upgrade existing installations of Squirrelmail, connect to your server through SSH and execute the following from the command prompt:
# vinstall squirrelmail

* phpMyAdmin

The vinstall for phpMyAdmin will be upgraded to the latest versions.

The vinstall will install phpMyAdmin version 3.3.9.1 if PHP5 and MySQL5 are running, otherwise the vinstall will install phpMyAdmin version 2.11.11.2.

To upgrade existing installations of phpMyAdmin, connect to your server through SSH and execute the following from the command prompt:
# vinstall phpmyadmin

* Mysql-5.1.55

The Mysql vinstall will be upgraded to version 5.1.55.

To upgrade existing installations of mysql, connect to your server through SSH and execute the following from the command prompt:
# vinstall mysql

No Action Needed

The following Linux VPS/MPS updates do not require action by customers to take advantage of the full benefits of the update. Some services may be rebooted as part of the update.

* Apache Restart

The restart_apache script will be updated to first try a simple reload when called from savelogs.

* Proftpd-1.3.3d

Proftpd will be upgraded to version 1.3.3d.
http://proftpd.org/docs/RELEASE_NOTES-1.3.3d

* Spamassassin 3.3.1

Spamassassin will be upgraded to version 3.3.1.

* ClamAV-0.97

ClamAV will be upgraded to version 0.97.

----------------------------------
FreeBSD VPS/MPS v3
----------------------------------

The following updates will be made to the FreeBSD VPS/MPS v3 platform.

Important services to be restarted:

The following services will be restarted by Verio as part of the update:
• clamd (ClamAV)
• named (Bind)
• Apache
• Sendmail
• saslauthd
• spamd (Spamassassin)

Possible Action Needed

The following VPS/MPS v3 updates may require additional attention or action to take advantage of the full benefits of the update. Any possible actions are listed at the end of the individual update information.

* Squirrelmail-1.4.21

Squirrelmail will be upgraded to version 1.4.21.

To upgrade existing installations of Squirrelmail, connect to your server through SSH and execute the following from the command prompt:
# vinstall squirrelmail

* phpMyAdmin

The vinstall for phpMyAdmin will be upgraded to the latest versions.

The vinstall will install phpMyAdmin version 3.3.9.1 if PHP5 and MySQL5 are running, otherwise the vinstall will install phpMyAdmin version 2.11.11.2.

To upgrade existing installations of phpMyAdmin, connect to your server through SSH and execute the following from the command prompt:
# vinstall phpmyadmin

No Action Needed

The following VPS/MPS v3 updates do not require action by customers to take advantage of the full benefits of the update. Some services may be rebooted as part of the update.

* ClamAV-0.97

ClamAV will be upgraded to version 0.97.

* Apache Restart

The restart_apache script will be updated to first try a simple reload when called from savelogs.

* Proftpd-1.3.3d

Proftpd will be upgraded to version 1.3.3d.
http://proftpd.org/docs/RELEASE_NOTES-1.3.3d

* OpenSSL-1.0.0d

OpenSSL will be upgraded to version 1.0.0d and 0.9.8r to address the following:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0014

* mod_python

mod_python will be upgraded to version 3.3.1_3

* Ruby

Ruby will be updated - ruby+nopthreads-1.8.7.302,1

* Ports Tree Update

The ports tree was updated including the following:
Upgrade pcre to version 8.12
Update netcat to version 1.10_3
Upgrade pkg_install
Upgrade pkg-config to version 0.25_1
Add fftw3-3.2.2_1 to fix an ImageMagick dependency
Upgrade png to version 1.4.5
Add jbig2dec to fix an ImageMagick dependency
Upgrade mimesupport to version 3.51.1
Upgrade mutt-devel to version 1.5.21
Upgrade gnupg to version 2.0.16_6
Add gpgme-1.3.0_3 (mutt dependency)
Upgrade readline to version 6.1
Upgrade lftp to version 4.1.2
Upgrade m4 to version 1.4.15,1
Update automake to version 1.4.6_6
Upgrade automake-wrapper to version 20101119
Upgrade autoconf to versopn 2.68
Upgrade autoconf-wrapper to version 20101119
Upgrade ncftp to version 3.2.4
Delete cairo-1.8.8,1
Upgrade mhash to verison 0.9.9.9_1
Upgrade ja-nkf to verison 2.1.1,1
Upgrade rsync to version 3.0.7
Upgrade jpeg to version 8_3 (jpegsrc.v8b)
Upgrade tiff to version 4.0.0
Upgrade netpbm to version 10.26.64_4
Update libiconv to port revision 1.13.1_1
Update ja-groff to port revision 1.18.1_13
Update ja-less+iso to port revision 382.262_1
Update lrzsz to port revision 0.12.20_3
Upgrade ksh93 to version 20100309
Upgrade unzip to verion 6.0
Upgrade gettext to version 0.18.1.1 (old libs put in /usr/local/lib/compat)
Update aspell to rev 0.60.6_5, and repackage it as aspell-without-dicten
Upgrade en-aspell to version 7.1.0
Upgrade es-apsell to version 1.11.2,1
Upgrade xz to version 5.0.0
Upgrade gtar to verison 1.25_1
Upgrade libtool and libltdl to version 2.2.10
Update cyrus-sasl to the latest port revision 2.1.23_1
rebuilt cyrus-sasl-saslauthd against the new revision of cyrus-sasl
Update expat to the latest port revision 2.0.1_1
Upgrade mpfr to version 3.0.0
Update gcc-4.2.5 to revision 20090325_5
Upgrade cdialog to version 1.1.20100428,1
Upgrade ja-FreeWnn-lib to version 1.1.1.a021_9
Upgrade ja-canna-lib to version 3.7p3_8
Upgrade ja-mecab to version 0.98
Upgrade ja-namazu2 to version 2.0.19
Upgrade ja-p5-MeCab to version 0.98
Upgrade ja-p5-nkf to version 2.1.1,1
Upgrade namazu2 to version 2.0.20_1
Upgrade lzo2 to version 2.04
Update procmail to revision 3.22_7
Upgrade compat5x to version 5.4.0.8.1_1
Upgrade p5-version-0.88
Upgrade p5-Params-Check-0.26_1
Upgrade p5-NetAddr-IP-4.038
Upgrade p5-Module-Load-Conditional-0.38
Upgrade p5-Module-Load-0.18
Upgrade p5-Module-CoreList-2.42
Upgrade p5-Locale-Maketext-Simple-0.21
Upgrade p5-IPC-Cmd-0.68
Upgrade p5-ExtUtils-CBuilder-0.2802_1,1
Upgrade p5-Compress-Raw-Lzma-2.031_1
Upgrade p5-Archive-Tar-1.76
Upgrade openldap-client version to 2.4.23
Upgrade curl to version 7.21.3
Update linux_base-fc-4 to revision 15
Upgrade/reinstall linux-fontconfig 2.2.3_9 & linux-expat 1.95.8_2 after the linux_base update
Update/Upgrade p5-Date-Manip 6.20_1 & p5-YAML-Syck 1.17
Upgrade popt to version 1.16
Upgrade p5-Storable 2.25 & p5-Locale-gettext 1.05_3
Upgrade/Update gmake 3.81_4 and gawk 3.1.8
Upgrade libgpg-error to version 1.10
Upgrade sudo to version 1.7.4.6
Upgrade e2fsprogs-libuuid to version 1.41.14
Upgrade emacs to version 23.2
Upgrade libgcrypt to version 1.4.6
Upgrade p5-Mail-DKIM to version 0.39
Upgrade IO-Socket-SSL to version 1.38
Upgrade p5-Digest-SHA to version 5.50
Upgrade libslang2 to version 2.2.3
Update most to version 5.0.0_1
Upgrade libksba to version 1.1.0
Upgrade vim-lite to version 7.3.81
Upgrade unrar to version 4.00.b4
Upgrade gnutls to version 2.8.6
Update Lua to the latest port revision 5.1.4_5
Upgrade libxml2 to version 2.7.8
Upgrade help2man to version 1.38.4
Upgrade freetype to version 2.4.4
Upgrade lynx to version 2.8.8d7
Update wget to version 1.12_2
Upgrade libxslt to version 1.1.26
Upgrade bison to version 2.4.3
Upgrade nmap to version 5.50
Upgrade libpthread-stubs to version 0.3
Upgrade makedepend to verison 1.0.2
Upgrade libassuan to version 2.0.1
Upgrade libunrar to veriosn 3.9.10
Upgrade imake to version 1.0.3
Upgrade sqlite3 version to 3.7.4
Upgrade bash to version 4.1.9
Update nmh to the latest port revision 1.2_3
Upgrade python25 to version 2.5.5
Update alpine to the latest port revision 2.00_2
Update rpm to the ports latest revision 3.0.6_15
Update arj to the latest port revision 3.10.22_4
Upgrade glib to version 2.26.1
Upgrade zsh to version 4.3.10
Upgrade portupgrade to veriosn 2.4.8
Update gamin to match the latest port revision 0.1.10_4
Upgrade pinentry-curses to verison 0.8.1
Update p5-Mail-SpamAssassin 3.3.1_3 & sa-utils 0.02_1 to their latest port revisions
Upgrade lcms to version 1.19
Upgrade gsed to version 4.2.1
Upgrade dirmngr to version 1.1.0
Upgrade nas to version 1.9.2.
Upgrade gio-fam-backend to version 2.26.1
Update liblqr to match the latest port revision 1-0.4.1_2
Update the ghostscript8 package to match the latest port revision nox11-8.71_6
Rebuilt ImageMagick against all the new libs 6.6.6.10
Remove libtool from the base system
Upgrade png to version 1.4.5
Upgrade python to version 2.5.5
Upgrade pkg-config to version 0.25
Upgrade db41 to version 4.1.25
Upgrade gnupg to version 2.0.17
Update gsfonts revision to the latest port revision 8.11_5
Upgrade lzop to version 1.03
The latest port revision of cyrus-sasl 2.1.23_3
Base system upgrades:
lsof-4.85A,5
libiconv-1.13.1_1
gettext-0.18.1.1
bash-4.1.9
ruby+nopthreads-1.8.7.302,1
ruby18-bdb-0.6.5_1
portupgrade-2.4.8_1,2
pcre-8.12
glib-2.26.1_1
libslang2-2.2.3
most-5.0.0_1
nmap-5.50
lua-5.1.4_5
libidn-1.16
mutt-devel-lite-1.5.21
arcconf-v6.50.18579
cyrus-sasl-2.1.23_1
expat-2.0.1_1
net-snmp-5.5_4
portupgrade-devel-20101123_1,1
readline-6.1
vim-lite-7.3.81
wget-1.12_2

Copyright 1995-2010 by VERIO Inc. All rights reserved.

Disclaimers

The following paragraph does not apply to the United Kingdom or any country where such provisions are inconsistent with local law: VERIO CORPORATION PROVIDES THIS PUBLICATION “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of expressed or implied warranties in certain transactions; therefore, this statement might not apply to you.

The information included in this document is intended for internal use by Verio, OEM partners, and viaVerio resellers. Printed copies of this document are not controlled. Official form is available from Verio.

This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. VERIO might make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time.

This document might contain reference to, or information about, VERIO products (machines and programs), programming, or services that are not announced in your country. Such references or information must not be construed to mean that VERIO intends to announce such VERIO products, programming, or services in your country.

Trademarks

VERIO and VERIO-related product names are trademarks of VERIO Inc.
All other trademarks in this document are the property of their respective owners.

--
The following information is a reminder of your current mailing
list subscription:

You are subscribed to the following list:
Server Software Notification List

using the following email:
example@example.com

You may automatically unsubscribe from this list at any time by
visiting the following URL:

<http://list.viaverio.com/cgi-dada/mail.cgi/u/ssul/>;

If the above URL is inoperable, make sure that you have copied the
entire address. Some mail readers will wrap a long URL and thus break
this automatic unsubscribe mechanism.

You may also change your subscription by visiting this list's main screen:

<http://list.viaverio.com/cgi-dada/mail.cgi/list/ssul>;

If you're still having trouble, please contact the list owner at:

<mailto:reseller@viaverio.com>;

The following physical address is associated with this mailing list:

Verio Inc
1203 N Research Way
Orem, UT 84097

Mailing List Powered by Dada Mail
http://list.viaverio.com/cgi-dada/mail.cgi/what_is_dada_mail/

Subscribe to Server Software Notification List via email by entering your email address below:

Server Software Notification List Message - updates for 1/10/2011 - 1/12/2011

2011-01-11T15:59:09Z

(Mailing list information, including unsubscription instructions,
is located at the end of this message.)
__

Important: This document contains information for the group of server updates (or dist) occurring January 10, 2011 through January 12, 2011 in all datacenters. Until that time, all of the information included in this document is subject to change.

Important updates in this Notification:
The following updates affect popular or important services and programs:
• MySQL (Linux and v3)
• ClamAV (Linux and v3)
• Accrisoft Freedom (Linux and v3)
• Miva Empresa (Linux and v3)
• ProFTPd (v2)

--------------------------
Linux VPS/MPS
--------------------------

The following updates will be made to the Linux VPS/MPS platform.

Important services to be restarted:
The following services will be restarted by Verio as part of the update:
* clamd (ClamAV)

Possible Action Needed

The following Linux VPS/MPS updates may require additional attention or action to take advantage of the full benefits of the update. Any possible actions are listed at the end of the individual update information.

* Mysql-5.1.52

The Mysql vinstall will be upgraded to version 5.1.52. In addition, this update will also address a bug that failed to add the mysql user to the passwd file.

To upgrade existing installations of mysql, connect to your server through SSH and execute the following from the command prompt:
# vinstall mysql

* ClamAV-0.96.4

ClamAV will be upgraded to version 0.96.4. This upgrade will also correct an issue where the cronjob for freshclam was failing to create when installing ClamAV using quiet mode or via CPX.

To upgrade to ClamAV 0.96.4, connect to your server through SSH and execute the following from the command prompt:
# vinstall clamav

* Freedom-6.6.010

Accrisoft Freedom version 6.6.010 will now be available for new installations. Existing installations must be upgraded manually. If you are interested in upgrading, contact your Account Manager.

* wordpress-3.0.1

Wordpress will be upgraded to version 3.0.1. This upgrade will also address several outstanding issues.

To upgrade existing installations of Wordpress, connect to your server through SSH and execute the following from the command prompt:
# vinstall wordpress

No Action Needed

The following Linux VPS/MPS updates do not require action by customers to take advantage of the full benefits of the update. Some services may be rebooted as part of the update.

* Mivavm-5.09

Miva Empresa will be upgraded to version 5.09.

* Majordomo

The Majordomo vinstall will be updated to address an issue where the install was modifying the sendmail.cf file rather than the sendmail.mc file. Updating the sendmail.cf file would cause the Majordomo changes to be lost the next time the sendmail.mc file was updated.

* Dovecot --mbox

The Dovecot --mbox install will be updated to address an issue when changing Dovecot from the maildir format to the mbox format when using CPX along with Dovecot. The mail delivery paths to the Junk and Quarantine folders located within the .procmailrc file were failing to change to the appropriate directory for proper delivery.

* vadduser

vadduser will be updated to now provide a warning message if the username that has been entered has uppercase characters. The warning message will notify you that the uppercase letters will be changed to lowercase.

* vuninstall clamav

The vuninstall script for ClamAV will be updated to correct an issue where the uninstall was failing to properly remove the ClamAV settings from the .procmailrc file when CPX is installed.

* vuninstall spamassassin

The vuninstall script for Spamassassin will be updated to correct an issue where the uninstall was failing to properly remove the Spamassassin settings from the .procmailrc file when CPX is installed.

* gcc-4.1.2-42.el5

gcc will be upgraded to version 4.1.2-42.el5.

* net-tools-1.60-40

Net-Tools will be upgraded to version 1.60-40.

* bash-3.0-19.3

Bash will be upgraded to version 3.0-19.3.

* bzip2-libs-1.0.2-13

bzip2-libs will be upgraded to version 1.0.2-13.

* libtermcap-2.0.8-39

libtermcap will be upgraded to version 2.0.8-39.

* mktemp-1.5

mktemp will be upgraded to version 1.5.

------------------------------------
FreeBSD VPS/MPS v3
------------------------------------

The following updates will be made to the FreeBSD VPS/MPS v3 platform.
Important services to be restarted:

The following services will be restarted by Verio as part of the update:
* clamd (ClamAV)

Possible Action Needed

The following VPS/MPS v3 updates may require additional attention or action to take advantage of the full benefits of the update. Any possible actions are listed at the end of the individual update information.

* Mysql-5.1.52

The Mysql vinstall will be upgraded to version 5.1.52. In addition, this update will also address a bug that failed to add the mysql user to the passwd file.

To upgrade existing installations of mysql, connect to your server through SSH and execute the following from the command prompt:
# vinstall mysql

* ClamAV-0.96.4

ClamAV will be upgraded to version 0.96.4. This upgrade will also correct an issue where the cronjob for freshclam was failing to create when installing ClamAV using quite mode or via CPX.

To upgrade to ClamAV 0.96.4, connect to your server through SSH and execute the following from the command prompt:
# vinstall clamav

* Freedom-6.6.010

Accrisoft Freedom version 6.6.010 will now be available for new installations. Existing installations must be upgraded manually. If you are interested in upgrading, contact your Account Manager.

* wordpress-3.0.1

Wordpress will be upgraded to version 3.0.1. This upgrade will also address several outstanding issues.

To upgrade existing installations of Wordpress, connect to your server through SSH and execute the following from the command prompt:
# vinstall wordpress

No Action Needed

The following VPS/MPS v3 updates do not require action by customers to take advantage of the full benefits of the update. Some services may be rebooted as part of the update.

* Mivavm-5.09

Miva Empresa will be upgraded to version 5.09.

* Majordomo

The Majordomo vinstall will be updated to address an issue where the install was modifying the sendmail.cf file rather than the sendmail.mc file. Updating the sendmail.cf file would cause the Majordomo changes to be lost the next time the sendmail.mc file was updated.

* vuninstall

The vuninstall script will be added to include majorcool and wpoison.

-------------------------------
FreeBSD VPS/MPS v2
-------------------------------

The following updates will be made to the FreeBSD VPS/MPS v2 platform.
Important services to be restarted:

The following services will be restarted by Verio as part of the update:
* inetd

No Action Needed

The following VPS/MPS v2 updates do not require action by customers to take advantage of the full benefits of the update. Some services may be rebooted as part of the update.

* Proftpd-1.3.3c

Proftpd will be upgraded to version 1.3.3c. This upgrade will edit the /etc/proftpd.conf file and change the “DisplayFirstChdir” directive to “DisplayChdir” as the “DisplayFirstChdir” will no longer be a valid directive with the version update. In addition, the /etc/pam.conf file will be updated so that any “ftpd” entries are changed to “ftp” (if they exist). Lastly, the /etc/inetd.conf file will be updated to change the location of the proftpd binary.

* ClamAV

The ClamAV vinstall will be updated to correct an issue where the cronjob for freshclam was failing to create when installing ClamAV using quite mode or via CPX.

* vuninstall

Additional vuninstall scripts will be added to now include expect, majorcool and wpoison.

Notices
Document Source
This document was written by:
VERIO, Inc.
1230 North Research Way, Orem, UT 84097

Copyright 1995-2010 by VERIO Inc. All rights reserved.

Disclaimers

The following paragraph does not apply to the United Kingdom or any country where such provisions are inconsistent with local law: VERIO CORPORATION PROVIDES THIS PUBLICATION “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of expressed or implied warranties in certain transactions; therefore, this statement might not apply to you.

The information included in this document is intended for internal use by Verio, OEM partners, and viaVerio resellers. Printed copies of this document are not controlled. Official form is available from Verio.

This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. VERIO might make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time.

This document might contain reference to, or information about, VERIO products (machines and programs), programming, or services that are not announced in your country. Such references or information must not be construed to mean that VERIO intends to announce such VERIO products, programming, or services in your country.

Trademarks

VERIO and VERIO-related product names are trademarks of VERIO Inc.
All other trademarks in this document are the property of their respective owners.

Requests for technical information about VERIO products should be made to VERIO Marketing Representatives.

--
The following information is a reminder of your current mailing
list subscription:

You are subscribed to the following list:
Server Software Notification List

using the following email:
example@example.com

You may automatically unsubscribe from this list at any time by
visiting the following URL:

<http://list.viaverio.com/cgi-dada/mail.cgi/u/ssul/>;

If the above URL is inoperable, make sure that you have copied the
entire address. Some mail readers will wrap a long URL and thus break
this automatic unsubscribe mechanism.

You may also change your subscription by visiting this list's main screen:

<http://list.viaverio.com/cgi-dada/mail.cgi/list/ssul>;

If you're still having trouble, please contact the list owner at:

<mailto:reseller@viaverio.com>;

The following physical address is associated with this mailing list:

Verio Inc
1203 N Research Way
Orem, UT 84097

Mailing List Powered by Dada Mail
http://list.viaverio.com/cgi-dada/mail.cgi/what_is_dada_mail/

Subscribe to Server Software Notification List via email by entering your email address below:

Server Software Notification List Message - Updates for 9/10/2010 through 9/22/2010

2010-09-10T22:05:36Z

(Mailing list information, including unsubscription instructions,
is located at the end of this message.)
__

------------------------
Signature
------------------------

The following updates will be sent out to all Signature servers on the following schedule during the maintenance window:

Verio 6.4 FINAL Distribution Notification
These updates begin disting to the:
Sterling datacenter on 9/10/2010
San Jose datacenter on 9/20/2010
Tokyo Japan - JP3 datacenter on 9/22/2010
Tokyo Japan - JP4 datacenter on 9/22/2010

*Clam AV Update to 0.96.1
• Clam AV updated to v0.96.1 for the FreeBSD6 boxes only. This update will not be installed on the FreeBSD 4 boxes. This update contains many changes. For more information on these changes, go to: http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96.1

*FreeBSD Kernel 6.4 Update
• FreeBSD6 servers Kernel to FreeBSD 6.4
Servers will be rebooted for the kernel update. Maintenance notices will be sent out over the next couple weeks as individual servers are scheduled for the kernel reboot during the nightly maintenance windows.

*Gallery 2 Installation Message
• Code updated so that customers see the proper confirmation message when they successfully install Gallery 2. Previously, they would see a different success message.

*SpamAssassin Updates
• Code updated to v3.3.1 This update contains many changes. For more information about these changes, go to: http://spamassassin.apache.org/
• Code updated so that SpamAssassin configuration files no longer contain openwhois. Removing this old RBL file will result in a reduction of false positive spam results.

*File Sharing Bug Fix
• Code updated so that customers see the proper confirmation message when they un-share a file or directory. Previously, the Control Panel would display an incorrect confirmation message.

*Script Error Notification When Using Internet Explorer
• Code updated so that an Internet Explorer script error does not appear when accessing the Control Panel.

*Email Address Updates
• Code updated so that Mail Forward entries are checked for valid formatting. Previously, customers could add incorrectly formatted mail forwards without the Control Panel notifying them.
• Code updated so that customers cannot submit an email address starting with a space instead of a character.

*Control Panel Version History
• Control Panel Version History updated so that relevant code changes through version 6.4 are surfaced to customers.

*Intermediate Certificate Updates
• Added GeoTrust Intermediate Certificates
• Adding VeriSign Intermediate Certificates (VeriSign Class 3 Public Primary Certification Authority was installed before.)
• Added Thawte intermediate certificates.

Note: This notification reflects the best knowledge of code and feature updates for this release. Changes may occur and those will be documented in new notifications. These updates may reflect code changes/additions or edits that increase the accuracy of this report. VERIO might make improvements and/or changes in the product(s) and/or the program(s) described here at any time. Verio and the Verio logo are trademarks and/or service marks of Verio Inc. in the United States and other countries. All other names are trademarks or registered marks of their respective owners.

--
The following information is a reminder of your current mailing
list subscription:

You are subscribed to the following list:
Server Software Notification List

using the following email:
example@example.com

You may automatically unsubscribe from this list at any time by
visiting the following URL:

<http://list.viaverio.com/cgi-dada/mail.cgi/u/ssul/>;

If the above URL is inoperable, make sure that you have copied the
entire address. Some mail readers will wrap a long URL and thus break
this automatic unsubscribe mechanism.

You may also change your subscription by visiting this list's main screen:

<http://list.viaverio.com/cgi-dada/mail.cgi/list/ssul>;

If you're still having trouble, please contact the list owner at:

<mailto:reseller@viaverio.com>;

The following physical address is associated with this mailing list:

Verio Inc
1203 N Research Way
Orem, UT 84097

Mailing List Powered by Dada Mail
http://list.viaverio.com/cgi-dada/mail.cgi/what_is_dada_mail/

Subscribe to Server Software Notification List via email by entering your email address below:

Server Software Notification List Message - emergency update - 6/04/2010

2010-06-04T22:10:55Z

(Mailing list information, including unsubscription instructions,
is located at the end of this message.)
__

The following emergency update is being sent out today to the following platforms:

------------------------------------------------------
Linux VPS/MPS, FreeBSD VPS/MPS v3, FreeBSD VPS/MPS v2
------------------------------------------------------

Verio will be addressing an outbound email latency issue impacting a handful of v3 accounts. Additionally, we will be modifying which mirrors all v2, v3 and Linux accounts will use for certain select RBL lookups for those customers who have RBLs enabled.

The update will consist of two stages:
1) Update code to all VPS/MPS servers
2) Run update to initiate the change for all existing servers. Named will be restarted on each physical server resulting in a few seconds of resolution downtime.

Anticipated deployment schedule is as follows:

Friday 6/4/2010 (MDT): Update code to all platforms in all datacenters.
Friday 6/4/2010 (MDT): Initiate changes to US East Coast datacenter.
Monday 6/7/2010 (MDT): Initiate changes to US West Coast and Europe datacenters.
Wednesday 6/9/2010 (MDT): Initiate changes to East Asia datacenters.

Notices
Document Source
This document was written by:
VERIO, Inc.
1230 North Research Way, Orem, UT 84097

Copyright 1995-2010 by VERIO Inc. All rights reserved.

Disclaimers
The following paragraph does not apply to the United Kingdom or any country where such provisions are inconsistent with local law: VERIO CORPORATION PROVIDES THIS PUBLICATION “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of expressed or implied warranties in certain transactions; therefore, this statement might not apply to you.

The information included in this document is intended for internal use by Verio, OEM partners, and viaVerio resellers. Printed copies of this document are not controlled. Official form is available from Verio.

This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. VERIO might make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time.

This document might contain reference to, or information about, VERIO products (machines and programs), programming, or services that are not announced in your country. Such references or information must not be construed to mean that VERIO intends to announce such VERIO products, programming, or services in your country.

Trademarks

VERIO and VERIO-related product names are trademarks of VERIO Inc.
All other trademarks in this document are the property of their respective owners.

--
The following information is a reminder of your current mailing
list subscription:

You are subscribed to the following list:
Server Software Notification List

using the following email:
example@example.com

You may automatically unsubscribe from this list at any time by
visiting the following URL:

<http://list.viaverio.com/cgi-dada/mail.cgi/u/ssul/>;

If the above URL is inoperable, make sure that you have copied the
entire address. Some mail readers will wrap a long URL and thus break
this automatic unsubscribe mechanism.

You may also change your subscription by visiting this list's main screen:

<http://list.viaverio.com/cgi-dada/mail.cgi/list/ssul>;

If you're still having trouble, please contact the list owner at:

<mailto:reseller@viaverio.com>;

The following physical address is associated with this mailing list:

Verio Inc
1203 N Research Way
Orem, UT 84097

Mailing List Powered by Dada Mail
http://list.viaverio.com/cgi-dada/mail.cgi/what_is_dada_mail/

Subscribe to Server Software Notification List via email by entering your email address below:

Server Software Notification List Message - emergency update - 4/23/2010

2010-04-26T18:01:11Z

(Mailing list information, including unsubscription instructions,
is located at the end of this message.)
__

------------------------------
FreeBSD VPS/MPS v2
------------------------------

The following emergency update (or dist) occurred on April 23, 2010 in all data centers.

/etc/rc

Verio will be reverting a change made previously to the /etc/rc file which allowed files in /usr/local/etc/rc.d to run without the .sh. After the update, only files with .sh in the /usr/local/etc/rc.d directory will run upon account or server reboot.

ClamAV startup scripts will also be properly modified to comply with this change.

--
The following information is a reminder of your current mailing
list subscription:

You are subscribed to the following list:
Server Software Notification List

using the following email:
example@example.com

You may automatically unsubscribe from this list at any time by
visiting the following URL:

<http://list.viaverio.com/cgi-dada/mail.cgi/u/ssul/>;

If the above URL is inoperable, make sure that you have copied the
entire address. Some mail readers will wrap a long URL and thus break
this automatic unsubscribe mechanism.

You may also change your subscription by visiting this list's main screen:

<http://list.viaverio.com/cgi-dada/mail.cgi/list/ssul>;

If you're still having trouble, please contact the list owner at:

<mailto:reseller@viaverio.com>;

The following physical address is associated with this mailing list:

Verio Inc
1203 N Research Way
Orem, UT 84097

Mailing List Powered by Dada Mail
http://list.viaverio.com/cgi-dada/mail.cgi/what_is_dada_mail/

Subscribe to Server Software Notification List via email by entering your email address below:

Server Software Notification List Message - updates for 4/19/2010 through 4/21/2010

2010-04-15T16:48:00Z

(Mailing list information, including unsubscription instructions,
is located at the end of this message.)
__

Important: This document contains information for the group of server updates (or dist) occurring April 19, 2010 through April 21, 2010 in all datacenters. Until that time, all of the information included in this document is subject to change.

Important updates in this Notification:
The following updates affect popular or important services and programs:
• MySQL (Linux and v3)
• BIND (Linux)
• Apache (Linux and v3)
• Sendmail (Linux and v3)
• CPX (Linux and v3)

-----------------------
Linux MPS/VPS
-----------------------

The following updates will be made to the Linux VPS/MPS platform.

----------------------------
Possible Action Needed
----------------------------

The following Linux VPS/MPS updates may require additional attention or action to take advantage of the full benefits of the update. Any possible actions are listed at the end of the individual update information.

Mysql-5.0.89

The vinstall for Mysql 5 will be updated to version 5.0.89 to address the security vulnerability (CVE-2009-4028) discussed here:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4028

To update existing installations of Mysql 5, connect to your server through SSH and execute the following from the command prompt:
# vinstall mysql5.0

Bind 9.3.6

The default BIND implementation will be updated to version 9.3.6 to address a security vulnerability discussed here:

http://rhn.redhat.com/errata/RHSA-2010-0062.html

The local caching name server will be restarted as part of this update. For default installations, no action needed.

Note: For customers who have modified the default BIND implementation, Verio has updated the shared binary available in /skel as well as the RPM repository, but will not modify or restart custom BIND implementations. Those customers who have implemented their own BIND installation or configurations should update those implementations.

----------------------------
No Action Needed
----------------------------

The following Linux VPS/MPS updates do not require action by customers to take advantage of the full benefits of the update. Some services may be rebooted as part of the update.

Apache 2.0.63

Apache will be updated to version 2.0.63 to correct a bug and address the security vulnerabilities (CVE-2007-6388) and (CVE-2007-5000) discussed here:

http://www.apache.org/dist/httpd/Announcement2.0.html

Sendmail-8.14.4

Sendmail will be upgraded to version 8.14.4. This version update also brings Sendmail current for PCI Scan Compliance.

CPX 2.0.1

CPX 2.0.1 will introduce new features and resolves several outstanding issues. With CPX 2.0.1, the Domain Manager module now displays the number of users and email addresses as quick links and will also include an “email” and “user” usage option. Domains that have reached their limit are marked in red. Additional updates have been made to now include an error when forwarding an email to an invalid email address and when composing an email the “FROM:” list will display in alphabetical order.

In CPX 2.0.1 it is important to note what will occur when the hostname is changed via the Backroom to a domain that is currently listed in CPX. Performing this action will result in Apache moving the files for that domain to the main Document Root directory of the account. Moving the hostname or “main domain” to the Document Root directory is a general Apache use practice.

If you decide to change the hostname via the Backroom and do not want this move to occur, you will need to change the main Document Root directory path within the Apache configuration file (httpd.conf) prior to changing the hostname. It is also recommended that you review file permissions and access once the hostname has been changed.

This version also addresses several outstanding issues, included in the following:
• Issue with changes to the hostname not appropriately updating in Apache.
• Updates to the export Address Book feature.
• Problems with re-enabling a domain when the Domain Admin is enabled.
• Issues with the timezone displaying correctly for CPX users.
• Problem removing the user@domain email address from alias lists when deleting a user.
• Problems with autoreply.
• Added Encode::EUCJPMS encoding for outgoing webmail.
• Fix for encoding outgoing webmail in iso2022 to be compatible with MS Windows.
• Problems with the System Admin module not to displaying IPv6 IPs.
• Issues with the domain not being removed from local-host-names file when deleted in CPX.
• Corrected email timestamp issues.
• Issues when changes to the Domain Admin are external to CPX.

OpenVPN

The OpenVPN client certificate installation script will be updated to resolve a bug that does not allow a “-“ character to be used in the hostname.

Dovecot

The Dovecot installation has also been updated to use the default SSL certificate (securesites.net) instead of the generated Dovecot SSL (pem) files. If a custom SSL certificate is being used, the default SSL certificate will be replaced with the custom SSL certificate.

Spamassassin

The vinstall script for Spamassassin will be updated to execute “sa-update” to allow the rule sets to be updated at installation.

The vuninstall script for Spamassassin will also be updated to include the removal of the “sa-update” cron job.

restart_apache

The restart_apache script will be updated to address an issue regarding multiple restart_apache requests through CPX or crontab.

vedituser

vediteruser will be updated so that “nologin” is no longer recognized as a valid shell when granting shell access to a user.

SysVinit-2.85-34.4

SysVinit will be upgrade to address issues with rc startup scripts of various packages not executing properly at reboot.

------------------------------
FreeBSD MPS/VPS v3
------------------------------

The following updates will be made to the FreeBSD VPS/MPS v3 platform.

----------------------------
Possible Action Needed
----------------------------

The following VPS/MPS v3 updates may require additional attention or action to take advantage of the full benefits of the update. Any possible actions are listed at the end of the individual update information.

Mysql-5.0.89

The vinstall for Mysql 5 will be updated to version 5.0.89 to address the security vulnerability (CVE-2009-4028) discussed here:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4028

To update existing installations of Mysql 5, connect to your server through SSH and execute the following from the command prompt:
# vinstall mysql5.0

The vuninstall mysql script will be updated to ask if the /var/db/mysql directory should be removed. If responded with 'yes' then the directory is removed and the “mysql” user is deleted from the password files.

---------------------
No Action Needed
---------------------

The following VPS/MPS v3 updates do not require action by customers to take advantage of the full benefits of the update. Some services may be rebooted as part of the update.

Apache 2.2.14

Apache will be updated to version 2.2.14 to address several security vulnerabilities (CVE-2009-3094), (CVE-2009-3095), and (CVE-2009-2699) discussed here:

http://httpd.apache.org/security/vulnerabilities_22.html

Sendmail-8.14.4

Sendmail will be upgraded to version 8.14.4. This version update also brings Sendmail current for PCI Scan Compliance.

Apache httpd.conf
The MultiViews option will be removed from web document directories in the default Apache configuration file (httpd.conf). The MultiViews option is rarely used, and can lead to unexpected behavior when used inappropriately. The MultiViews option can still be added and will function properly. However, it will no longer be included in the default configuration file. This change affects new accounts only.

CPX 2.0.1

CPX 2.0.1 will introduce new features and resolves several outstanding issues. With CPX 2.0.1, the Domain Manager module now displays the number of users and email addresses as quick links and will also include an “email” and “user” usage option. Domains that have reached their limit are marked in red. Additional updates have been made to now include an error when forwarding an email to an invalid email address and when composing an email the “FROM:” list will display in alphabetical order.

In CPX 2.0.1 it is important to note what will occur when the hostname is changed via the Backroom to a domain that is currently listed in CPX. Performing this action will result in Apache moving the files for that domain to the main Document Root directory of the account. Moving the hostname or “main domain” to the Document Root directory is a general Apache use practice.

If you decide to change the hostname via the Backroom and do not want this move to occur, you will need to change the main Document Root directory path within the Apache configuration file (httpd.conf) prior to changing the hostname. It is also recommended that you review file permissions and access once the hostname has been changed.

This version also addresses several outstanding issues, included in the following:
• Issue with changes to the hostname not appropriately updating in Apache.
• Updates to the export Address Book feature.
• Problems with re-enabling a domain when the Domain Admin is enabled.
• Issues with the timezone displaying correctly for CPX users.
• Problem removing the user@domain email address from alias lists when deleting a user.
• Problems with autoreply.
• Added Encode::EUCJPMS encoding for outgoing webmail.
• Fix for encoding outgoing webmail in iso2022 to be compatible with MS Windows.
• Problems with the System Admin module not to displaying IPv6 IPs.
• Issues with the domain not being removed from local-host-names file when deleted in CPX.
• Corrected email timestamp issues.
• Issues when changes to the Domain Admin are external to CPX.

vrmuser

The vrmuser script will be updated to only check directives that contain actual user and group names. The vrmuser script was checking the entire http.conf file which would occasionally result in false warnings.

Notices
Document Source
This document was written by:
VERIO, Inc.
1230 North Research Way, Orem, UT 84097

Copyright 1995-2010 by VERIO Inc. All rights reserved.

Disclaimers
The following paragraph does not apply to the United Kingdom or any country where such provisions are inconsistent with local law: VERIO CORPORATION PROVIDES THIS PUBLICATION “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of expressed or implied warranties in certain transactions; therefore, this statement might not apply to you.

The information included in this document is intended for internal use by Verio, OEM partners, and viaVerio resellers. Printed copies of this document are not controlled. Official form is available from Verio.

This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. VERIO might make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time.

This document might contain reference to, or information about, VERIO products (machines and programs), programming, or services that are not announced in your country. Such references or information must not be construed to mean that VERIO intends to announce such VERIO products, programming, or services in your country.

Trademarks

VERIO and VERIO-related product names are trademarks of VERIO Inc.
All other trademarks in this document are the property of their respective owners.

--
The following information is a reminder of your current mailing
list subscription:

You are subscribed to the following list:
Server Software Notification List

using the following email:
example@example.com

You may automatically unsubscribe from this list at any time by
visiting the following URL:

<http://list.viaverio.com/cgi-dada/mail.cgi/u/ssul/>;

If the above URL is inoperable, make sure that you have copied the
entire address. Some mail readers will wrap a long URL and thus break
this automatic unsubscribe mechanism.

You may also change your subscription by visiting this list's main screen:

<http://list.viaverio.com/cgi-dada/mail.cgi/list/ssul>;

If you're still having trouble, please contact the list owner at:

<mailto:reseller@viaverio.com>;

The following physical address is associated with this mailing list:

Verio Inc
1203 N Research Way
Orem, UT 84097

Mailing List Powered by Dada Mail
http://list.viaverio.com/cgi-dada/mail.cgi/what_is_dada_mail/

Subscribe to Server Software Notification List via email by entering your email address below:

Server Software Notification List Message - updates for 1/27/2010

2010-01-28T01:04:49Z

(Mailing list information, including unsubscription instructions,
is located at the end of this message.)
__

-------------------
Signature
-------------------

The following updates will be sent out to all Signature servers beginning on 1-27-2010.

* Email Messages Routed to Spam Bug Fix
• Code updated so that blacklisted email addresses do not result in all email messages from that domain to be routed to SPAM. Now, when a customer adds an email like Joe@a_real_domain to a blacklist, other email messages from that domain will make it past the blacklist. Previously, when a customer added Joe@a_real_domain to their blacklist, email messages from others like jack@a_real_domain would go to trash. This update fixes that problem.

*MySQL V5 UPGRADE PROCESS—NEW INFORMATION

• MySQL V5 is now available for new customers.
IMPORTANT:
• Customers who start using MySQL at version 5 will not be able to revert to V4
• Current V4 customers who upgrade to V5 will not be able to revert back to V4 through the Control Panel for this release
• If current customers want to start using V5, they must have shell access and familiarity with shell commands

There are two procedures for upgrading to MySQL v5, one for customers with NO InnoDB tables, and for customers WITH InnoDB tables (customers with only MyISAM tables can use this procedure, too)::
o For customers with NO InnoDB tables:
1. Disable MySQL through the control panel
2. From Shell: Rename /usr/home/<userid>/etc/rc.d/mysql-server.sh /usr/home/<userid>/etc/rc.d/mysql-server.sh.old
3. Copy /usr/local/share/skel/etc/rc.d/mysql-server.sh to /usr/home/<userid>/etc/rc.d/mysql-server.sh
4. Enable MySQL through the control panel; this will start it with the existing databases, running the new version.
5. Run the mysql_upgrade script to update the tables to the new version: /usr/local/mysql5/bin/mysql_upgrade –u <user> -p
6. MySQL version 5.1.36 is installed

For customers WITH InnoDB tables or MyISAM tables:
Important: Upgrading InnoDB tables makes them become MyISAM tables
1. Dump the existing databases to a file, with mysqldump: mysqldump –all-databases –u <user> -p > outfile.sql. This will create a file called outfile.sql, which is a text file containing the SQL commands to recreate the database.
2. Disable MySQL through the control panel
3. Rename /usr/home/<userid>/etc/rc.d/mysql-server.sh /usr/home/<userid>/etc/rc.d/mysql-server.sh.old:
mv /usr/home/<userid>/etc/rc.d/mysql-server.sh /usr/home/<userid>/etc/rc.d/mysql-server.sh.old
4. Copy /usr/local/share/skel/etc/rc.d/mysql-server.sh to /usr/home/<userid>/etc/rc.d/mysql-server.sh: cp –p /usr/local/share/skel/etc/rc.d/mysql-server.sh to /usr/home/<userid>/etc/rc.d/mysql-server.sh
5. Copy /usr/local/share/skel/etc/rc.d/mysql-server.sh to /usr/home/<userid>/etc/rc.d/mysql-server.sh: mv /usr/home/<userid>/var/mysql /usr/home/<userid>/var/mysql.old
6. Enable MySQL through the control panel; this will start MySQL running the new version, and will create a new /usr/home/<userid>/var/mysql directory
7. Load the databases from the old file: mysql -u <userid> -p < outfile.sql
8. Flush the privileges to ensure that any changes to the mysql privileges tables get loaded: mysqladmin –u <userid> -p flush-privileges
9. MySQL version 5.1.36 is installed
• Updated MySQL with all supported international character sets. Restart Required.

*SpamAssassin EMERGENCY Patch (Already disted and document describing patch was sent earlier this week)
• SpamAssassin had a scoring rule bug that caused some email messages sent after January 1, 2010 to be incorrectly labeled as "spam." This fix ensured that the spam scoring for all customers returned to 2009 levels. It was patched on January 6, 2010.

* Calendar 8 Rollback
• Due to an unresolved bug in Calendar 8, the feature has been pulled from this release. An upgraded version of Calendar 8 will be offered in a subsequent release.

*Added Gallery2 to Control Panel Features
• The Gallery feature on the Control Panel has been joined by Gallery2, so customers can manage picture files using MySQL (Gallery1 does not use MySQL). For more information about Gallery, see: http://gallery.menalto.com/. VSAP updated for this feature.
Note: Gallery 2 requires MySQL to function. It will not be visible in accounts that have MySQL disabled. A few strings were added to the English and Japanese versions to the website.xml and global.xml files in association with this feature.

*Upgraded Site Search
• The Swish-e feature (Labeled as Site Search on the Control Panel) has been updated to version 2.4.7. This version is available to any customer that is not using Site Search at this time. Current Site Search users will have to delete the following files to use the new version:
o /usr/home/userid/index.swish and
o /usr/home/userid/swish.conf
o /usr/home/userid/www/htdocs/sitesearch.html
o /usr/home/userid/www/cgi-bin/query.pl
o /usr/home/userid/www/cgi-bin/query.pl

Customers will then go to their Control Panel to install Site Search again. After deleting the files and redoing the install, customers can use the newer version. For more information about Swish-e, see: http://swish-e.org/
Note: The files strings/website.xml and strings/global.xml were modified in association with this feature.

*Update phpMyFAQ
Updated code so that customers could upgrade to phpMyFAQ v2.5.4. New phpMyFAQ customers will get this version when they install the feature. Current phpMyFAQ customers must back up their phpMyFAQ content before installing the current version. To perform the upgrade, current customers must access phpMyFAQ through their Control Panel, uninstall phpMyFAQ, and then reinstall the application to use v2.5.4. For more information, see: http://www.phpmyfaq.de/changelog.php

*WordPress Bug Fix
• Updated code so that WordPress will not display if MySQL is disabled for the account.

*FTP Latency Bug Fix
• Updated code so that there is no long wait time when a customer initiates an FTP request and when the Control Panel allows them to actually use FTP.

* Urchin Default Settings Update
• Updated code so that customers can set the default installation locale of Urchin in the Branding System.

*Upgraded ShopSite Update Button
• Customers can now click a link in the Control Panel to upgrade their ShopSite 9 accounts to ShopSite 10. Once a customer upgrades to ShopSite 10, they will not be able to roll back to version 9. For more information about ShopSite, see: http://shopsite.com/news_10_0_released.html.

*Changelog
• Updated the “What is New” file.

*File Manager Updates
• Added a feedback message and character rules to File Manager so customers will know if they fail in their attempt to create a directory. This fix also includes a change so that the following characters cannot be used in a file name: | : * < > ? / " \
• Fixed a bug where File Manager was allowing double quotes in a file name. A customer now sees an error message when they attempt to create a file name with double quotes.

*UserID Field in Web Access Bug Fix
• Code updated so that customers cannot use double quotes when creating a userID in the WebAccess feature.

*View CSR in Digital Certificate Bug Fix
• Code updated so that customers can view the digital certificate CSR without scrolling to the bottom of the page.

*Apache Error Logs (Lumberjack) Bug Fix
• Lumberjack Error Logs were not being populated in certain accounts. This fix corrects the issue.
Note: Apache Restart is needed for this fix.

*Email Updates/Bug Fixes
• Updated rc.whitelist, so that customers can create a WhiteList entry that will not be blocked by the RBL settings.
• Updated Blacklist so that the proper Whitelist entries make it to the customer’s IN box; when a Blacklist entry is made, the entry was causing email messages associated with certain whitelist entries from making it past the filters.
• Updated Code so that qmail-smtpd will check tmlocals AFTER it checks locals.
• Updated Code so that email addresses with multiple periods (...) display correctly in Webmail.
• Updated dovecot mail log size to 100mb, enabling the logs to rotate out less frequently.

*Customize Account Feedback Message
• Customers can now brand the feedback message for a new string in associated with Task Manager, in account.xml

*HTML Tags in Welcome Message
• Customers can now add HTML code to the welcome message in the Control Panel.

Note: This notification reflects the best knowledge of code and feature updates for this release. Changes may occur and those will be documented in new notifications. These updates may reflect code changes/additions or edits that increase the accuracy of this report. VERIO might make improvements and/or changes in the product(s) and/or the program(s) described here at any time. Verio and the Verio logo are trademarks and/or service marks of Verio Inc. in the United States and other countries. All other names are trademarks or registered marks of their respective owners.

--
The following information is a reminder of your current mailing
list subscription:

You are subscribed to the following list:
Server Software Notification List

using the following email:
example@example.com

You may automatically unsubscribe from this list at any time by
visiting the following URL:

<http://list.viaverio.com/cgi-dada/mail.cgi/u/ssul/>;

If the above URL is inoperable, make sure that you have copied the
entire address. Some mail readers will wrap a long URL and thus break
this automatic unsubscribe mechanism.

You may also change your subscription by visiting this list's main screen:

<http://list.viaverio.com/cgi-dada/mail.cgi/list/ssul>;

If you're still having trouble, please contact the list owner at:

<mailto:reseller@viaverio.com>;

The following physical address is associated with this mailing list:

Verio Inc
1203 N Research Way
Orem, UT 84097

Mailing List Powered by Dada Mail
http://list.viaverio.com/cgi-dada/mail.cgi/what_is_dada_mail/

Subscribe to Server Software Notification List via email by entering your email address below:

Server Software Notification List Message - emergency update - 12/28/2009 to 12/30/2009

2009-12-28T20:30:49Z

(Mailing list information, including unsubscription instructions,
is located at the end of this message.)
__

The following updates will be completed on all servers (28 December – 30 December 2009):

------------------------------
Linux MPS/VPS; FreeBSD MPS/VPS v1, v2,v3:
------------------------------

* securesites.net

The securesites.net shared SSL digital certificate will be renewed. All servers will receive the updated certificate information. Apache and Dovecot will be restarted as part of the update. No action needed.

VERIO CONFIDENTIAL
The information included in this document is intended for internal use by Verio, OEM partners, and viaVerio resellers. Printed copies of this document are not controlled. Official form is available from Verio.

Note: This notification could include technical inaccuracies or typographical errors. Changes can be made to the information herein; these changes will be distributed in new notifications. VERIO might make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time.

Verio and the Verio logo are trademarks and/or service marks of Verio Inc. in the United States and other countries. All other names are trademarks or registered marks of their respective owners.

©2009 Verio Inc. All rights reserved.

--
The following information is a reminder of your current mailing
list subscription:

You are subscribed to the following list:
Server Software Notification List

using the following email:
example@example.com

You may automatically unsubscribe from this list at any time by
visiting the following URL:

<http://list.viaverio.com/cgi-dada/mail.cgi/u/ssul/>;

If the above URL is inoperable, make sure that you have copied the
entire address. Some mail readers will wrap a long URL and thus break
this automatic unsubscribe mechanism.

You may also change your subscription by visiting this list's main screen:

<http://list.viaverio.com/cgi-dada/mail.cgi/list/ssul>;

If you're still having trouble, please contact the list owner at:

<mailto:reseller@viaverio.com>;

The following physical address is associated with this mailing list:

Verio Inc
1203 N Research Way
Orem, UT 84097

Mailing List Powered by Dada Mail
http://list.viaverio.com/cgi-dada/mail.cgi/what_is_dada_mail/

Subscribe to Server Software Notification List via email by entering your email address below: