PHP v4.4.2 Released by cPanel

v4.4.2 has been released for inclusion in building apache/php on cPanel servers. I’ve upgraded all of our servers with it and it appears to be working well. From the php site:

This is a bug fix release, which addresses some security problems too. The major points that this release corrects are:

  • Prevent header injection by limiting each header to a single line.
  • Possible XSS inside error reporting functionality.
  • Missing safe_mode/open_basedir checks into cURL extension.
  • Apache 2 regression with sub-request handling on non-Linux systems.
  • key() and current() regression related to references.

This release also fixes about 30 other defects.

EV1 RHN Problems

Anyone with an EV1 server running RHE will probably find that up2date isn’t working. This is as a result of upgrades that EV1 have just performed on their RHN mirrors. There is a simple fix:

rpm -Uvh --force

More details in the EV1 Forum thread.

New mod_security v1.9.2

A new version of mod_security has been released here. Changes:

ModSecurity 1.9.2 is primarily a bug-fix release, but it includes a few interesting new features. ModSecurity can now be compiled against PCRE regex library (Apache 1.3.x only, Apache 2.x already uses PCRE), resulting in large performance increase. It is also possible to compile ModSecurity not to use suEXEC for process creation. Some concurrent audit logging improvements. New proof-of-concept script for real-time audit log centralisation. Many smaller bug fixes and improvements throughout.

Problems with cPanel and the new module

When running /scripts/perlinstaller you might be seeing this error:

Undefined subroutine &CPAN::Config::commit called at /scripts/realperlinstaller line 95.

This is being caused by the renaming of a function call that cPanel relies upon. Although there now appears to be a fix in the EDGE tree from the report I logged in bugzilla: is a new version of release at this morning that addresses the issue. To manually upgrade to this fixed version do the following:

wget
tar -xzf CPAN*
cd CPAN*
perl Makefile.PL
make
make install

That should resolve the issue.

OS Updates breaking perl and therefore MailScanner

We have had a lot of reports about MailScanner failing with perl module errors. We’re finding that this has nothing to do with MailScanner at all. It’s because clients are not excluding perl updates from their OS provider’s update utility (e.g. yum or up2date). There was a recent update to RH based OSes with a new iteration of perl which fixes some security bugs. Most likely this has downgraded the installed version of perl (perhaps v5.8.7) to v5.8.0, which won’t contain all the perl modules needed to run many things including MailScanner and cPanel, and it will almost definitely break cPanel stats.

The fix is fairly simple:

cd /usr/bin
ls -la perl*

Establish which version of perl you should be using:

cp -avf perl5.x.x perl

Check it’s correct with:

perl -v

Check that /usr/local/bin/perl is a symlink to /usr/bin/perl. Then stop and restart MailScanner, cPanel and any other daemons running through the perl interpreter.
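The checks above can be scripted so they are repeatable after every OS update. This is an added example, not part of the original post; the function names are illustrative, and it assumes the fix leaves /usr/bin/perl as a byte-for-byte copy of one of the versioned perl5.x.x binaries, as the cp step does.

```shell
#!/bin/sh
# Added example: audit the perl layout described in the post.
# Function names are illustrative; paths default to the ones in the post.

# Print the versioned binary (perl5.x.x) that BIN_DIR/perl is a byte-for-byte
# copy of, or "unknown" when none matches.
perl_matches() {
    bin_dir=${1:-/usr/bin}
    for candidate in "$bin_dir"/perl5.*; do
        [ -f "$candidate" ] || continue
        if cmp -s "$candidate" "$bin_dir/perl"; then
            basename "$candidate"
            return 0
        fi
    done
    echo unknown
    return 1
}

# Succeed only if LINK is a symlink that resolves to BIN_DIR/perl.
perl_link_ok() {
    bin_dir=${1:-/usr/bin}
    link=${2:-/usr/local/bin/perl}
    [ -L "$link" ] || return 1
    [ "$(readlink -f "$link")" = "$(readlink -f "$bin_dir/perl")" ]
}

# Run both checks against the binary the admin expects, e.g. perl5.8.7.
audit_perl() {
    expected=$1
    bin_dir=${2:-/usr/bin}
    link=${3:-/usr/local/bin/perl}
    actual=$(perl_matches "$bin_dir") || true
    status=0
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH: $bin_dir/perl is a copy of $actual, expected $expected"
        status=1
    fi
    if ! perl_link_ok "$bin_dir" "$link"; then
        echo "MISMATCH: $link is not a symlink to $bin_dir/perl"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: $bin_dir/perl is $actual; $link points at it"
    return "$status"
}
```

Source the file and call `audit_perl perl5.8.7` (substituting the version you established above); a non-zero exit status means the interpreter was swapped or the symlink was replaced.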

Moving to IMAP and away from Microsoft

Well, with the advent of courier-imap and multi-session login for IMAP now available we’ve decided to move our joint mailbox from POP3 access using Public ShareFolder to using an IMAP account on our local server. I’ve moved over to Thunderbird and am enjoying using it. There are some important functions from Outlook that I miss, especially having it remember frequently used folders to move mail items to, though there is a workaround. I am enjoying being able to view emails in the format they arrived in rather than the bastardised format that Outlook stores email – it still amazes me how an email client can both store email bodies in a different format to that in which they were delivered and also ruin email headers to make them next to useless. Unfortunately, Outlook is a well featured email client, but I’m not sad to see the back of it.

The move was important to us. We keep all email, going back to before 1998 when we started this business and so it needs to be a robust solution. The main gotcha was that courier-imap doesn’t like you using either a slash or a dot in folder names, which meant a lot of renaming for some parts of our folder structure. Other than that, the only real issue with Thunderbird/IMAP is the somewhat flaky new email detection, but I’m getting used to it 😉