|
||||
|
Quote:
Please read the security advisory. A update through /scripts/upcp will fix the issue. You can verify with the listed commands.
__________________
-Dave cPanel Inc. Need support? Submit a request here. These forums are not an official support channel. www.cpanel.net |
|
||||
|
Quote:
Please run the check script in the security advisory. If this one says it is fixed, it is fixed.
__________________
-Dave cPanel Inc. Need support? Submit a request here. These forums are not an official support channel. www.cpanel.net |
|
|||
|
the patch broke mysqladmin in x86-64 cPanel.
to reproduce, just login to cpanel, go to backup. under Download a MySQL Database Backup, there's the following error Can't locate DynaLoader.pm in @INC (@INC contains: /usr/local/cpanel /usr/lib/perl5/5.8.5 /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl) at /usr/local/cpanel/Cpanel/Version.pm line 14. Compilation failed in require at /usr/local/cpanel/bin/mysqladmin line 13. BEGIN failed--compilation aborted at /usr/local/cpanel/bin/mysqladmin line 13. please add lib64 to the patch.
Last edited by limweech; 09-25-2006 at 12:25 AM. |
|
|||
|
Quote:
Hal |
|
|||
|
I'm glad i ran the second "check" script released, as the first one wrongly said "safe".
Any way, after reading this email from cpanel we have now upgraded to the curent build. Quote:
Last edited by kernow; 09-25-2006 at 01:23 AM. |
|
|||
|
So only CURRENT and EDGE also update cpwrap (besides the patch)?
Meaning the patched STABLE and RELEASE versions are less secure and could still be vulnerable to modified versions of the exploit? Or is this incorrect? |
|
|||
|
After upgrading to current. 10.9.0-c27
For every user on every server when creating a mysql database... "Database Created Added the database testing1. Sorry, you have exceeded the maximum allowed databases. " Cpanel shows the mysql database limits as 6/9999. 6 used, 9999 maximum. ---------- This is only for packages that have unlimited mysql databases. Long ago when creating a package, if you left it mysql blank, it would take it as unlimited. It is now taking a blank in the feature set as being 0 instead of unlimited. Just need to edit a million packages then readd thousands of addons. Last edited by nat; 09-25-2006 at 02:49 AM. |
|
|||
|
Quote:
|
|
|||
|
Quote:
Quote:
|
|
|||
|
Quote:
We only got Current 10.9.0-c26 a few hours ago, .................. And now i see the lateset is : 10.9.0-CURRENT_28(Mon Sep 25 02:59:48 2006) http://layer2.cpanel.net/ So two version updates in a matter of hours,.............. Should we upgrade again ?? Last edited by kernow; 09-25-2006 at 02:53 AM. |
|
|||
|
Perhaps this is also a good time for a REAL security audit.
Posts like this are not very comforting: Quote:
|
|
|||
|
Well looks like this have finnally been sorted.. wow
A few observations I have noticed 1) Cpanel needs a quick way to let us know when there is a problem - namely a mailing list !!!! 2) This forum / thread needs much better control. I think I counted 3 separate and unrelated issues in here. Rather stick to the topic guys, or open a new topic for your problem. (e.g .what has a missing mysql db got to do with ROOT escalation ??) 3) The changelog really needs to be update quicker and preferably BEFORE an update is run, so we need to know WHAT is being updated (and what might break). It a joke really !! I think it only useful for people who run their servers on Manual update (STABLE). Hopefully this nice scare has woken us all up, including cpanel. Well done to everyone who reported this + helped to troubleshoot it : GOOD JOB Guys. and thanks to Cpanel for not just buring their heads in the sand, nice quick reaction boys / girls ![]() Im sure we will all learn from this, and cpanel will become even a better kick A$$ product
__________________
www.Forlinux.co.uk Linux Hosting & Support solutions Please note the information given is intended as advice only. |
|
|||
|
Quote:
We also received emails from three other data centres where we lease servers regarding this issue, and yet another email from http://www.configserver.com/blog/. |
![]() |
| Thread Tools | |
| Display Modes | |
|
|