d00p Posted July 29, 2015 Posted July 29, 2015 Dear Froxlor-community, due to a severe security issue in the database logging system, we strongly recommend to update your current froxlor installation to 0.9.33.2. We also recommend to remove any content from the /froxlor/logs/ directory.Download: 0.9.33.2Note: Gentoo-ebuild and Debian packages are now available..Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.freenode.net.Thank you,d00p
hk@ Posted July 30, 2015 Posted July 30, 2015 Hi actually this fix is missing the removal of the compromised logfiles, otherwise it fixes future logging of passwords, but not the access to the logfile that has been compromised. I ask you to add a proper .htaccess-block for the logs-directory _and_ remove the logfiles from there as they - if kept - are still a security-risk in the current release. thx hk
newan Posted July 30, 2015 Posted July 30, 2015 Error for Debian - wheezy: Err http://download.opensuse.org PackagesErr http://debian.froxlor.org wheezy/main amd64 Packages 404 Not Found [iP: 109.234.106.48 80] sources.list deb http://debian.froxlor.org wheezy maindeb-src http://debian.froxlor.org wheezy main#Backup if main mirror failsdeb http://froxlormirror.netcup.net/froxlor wheezy main
d00p Posted July 30, 2015 Author Posted July 30, 2015 Hi actually this fix is missing the removal of the compromised logfiles, otherwise it fixes future logging of passwords, but not the access to the logfile that has been compromised. Sorry, as i was pushed to do a release it just got lost in the hurry...removing all .log files from the directory should do the job, alternatively just use the class.ConfigIO.php from Github (https://github.com/Froxlor/Froxlor/blob/0_9_34/lib/classes/webserver/class.ConfigIO.php)
bosmedien Posted July 30, 2015 Posted July 30, 2015 Error for Debian squeezy after Apache restart. Apache2 restart: Syntax error on line 9 of/etc/apache2/sites-enabled/10_froxlor_ipandport_xx.xx.xx.xx.80.conf:Invalid command \'FastCgiExternalServer\', perhaps misspelled or defined by a module not included in the server configurationAction \'configtest\' failed.The Apache error log may have more information.failed! In the named .conf file on line 9: FastCgiExternalServer/var/www/php-fpm/froxlor.panel/vxxxxxxxxxxxxxxxxxxxxx.yourvserver.net/8296.fpm.external-socket/var/lib/apache2/fastcgi/froxlor.panel-vxxxxxxxxxxxxxxxxxxxxx.yourvserver.net-php-fpm.socket-idle-timeout 30 What is going wrong here? Thanks bosmedien
Guest Posted July 30, 2015 Posted July 30, 2015 Yes, for some reason the froxlor debian repository is completly missing the wheezy-repository... https://debian.froxlor.org/dists/
d00p Posted July 30, 2015 Author Posted July 30, 2015 Error for Debian squeezy after Apache restart. Apache2 restart: In the named .conf file on line 9: What is going wrong here? Thanks bosmedien You sir have a completely other problem. Please open a new topic.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now