Jump to content
Froxlor Forum

Important bugfix release 0.9.33.2


d00p

Recommended Posts

Dear Froxlor-community,
 
due to a severe security issue in the database logging system, we strongly recommend to update your current froxlor installation to 0.9.33.2. We also recommend to remove any content from the /froxlor/logs/ directory.

Download: 0.9.33.2

Note: Gentoo-ebuild and Debian packages are now available..

Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.freenode.net.

Thank you,
d00p

Link to comment
Share on other sites

Hi

actually this fix is missing the removal of the compromised logfiles, otherwise it fixes future logging of passwords, but not the access to the logfile that has been compromised.

 

I ask you to add a proper .htaccess-block for the logs-directory _and_ remove the logfiles from there as they - if kept - are still a security-risk in the current release.

 

thx

hk

Link to comment
Share on other sites

Hi

actually this fix is missing the removal of the compromised logfiles, otherwise it fixes future logging of passwords, but not the access to the logfile that has been compromised.

 Sorry, as i was pushed to do a release it just got lost in the hurry...removing all .log files from the directory should do the job, alternatively just use the class.ConfigIO.php from Github (https://github.com/Froxlor/Froxlor/blob/0_9_34/lib/classes/webserver/class.ConfigIO.php)

Link to comment
Share on other sites

Error for Debian squeezy after Apache restart.

 

Apache2 restart:

 

Syntax error on line 9 of
/etc/apache2/sites-enabled/10_froxlor_ipandport_xx.xx.xx.xx.80.conf:
Invalid command \'FastCgiExternalServer\', perhaps misspelled or defined by a module not included in the server configuration
Action \'configtest\' failed.
The Apache error log may have more information.
failed!

 

In the named .conf file on line 9:

 

FastCgiExternalServer
/var/www/php-fpm/froxlor.panel/vxxxxxxxxxxxxxxxxxxxxx.yourvserver.net/8296.fpm.external
-socket
/var/lib/apache2/fastcgi/froxlor.panel-vxxxxxxxxxxxxxxxxxxxxx.yourvserver.net-php-fpm.socket
-idle-timeout 30

 

What is going wrong here?

 

Thanks

bosmedien

Link to comment
Share on other sites

Error for Debian squeezy after Apache restart.

 

Apache2 restart:

 

In the named .conf file on line 9:

 

What is going wrong here?

 

Thanks

bosmedien

 

You sir have a completely other problem. Please open a new topic.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...