Vesta Control Panel - Forum

Community Forum

Skip to content

Advanced search
  • Quick links
    • Main site
    • Github repo
    • Google Search
  • FAQ
  • Login
  • Register
  • Board index Vesta Updates
  • Search

0.9.8-23 (security)

Information about new releases and bug fixes
Locked
  • Print view
Advanced search
1 post • Page 1 of 1
imperio
VestaCP Team
Posts: 7000
Joined: Sat Dec 01, 2012 12:37 pm
Contact:
Contact imperio
Website

0.9.8-23 (security)

Post by imperio » Thu Oct 18, 2018 2:44 pm

  • Security fix for timing attack on password reset. Thanks to https://arcturussecurity.com
  • Security fix for v-open-fs-config. Its visibility is limited to /etc and /var/lib directories
  • Security check for/usr/bin/dhcprenew binary. If found checker notifies server administrator
  • Security improvement for sudo. It is now limited to vesta scripts only and doesn't allow admin to execute any other command
  • Security improvement: admin password and database passwords are generated individually
  • Security improvement: new installer doesn't use c.vestacp.com as source for the configuration files. Configs are bundled inside vesta package
  • Security improvement: installer doesn't send any information to vestacp.com after successful installation. It used to send distro name for usage statistics.
Please update your servers a soon as possible

For update run this command

Code: Select all

v-update-sys-vesta-all
More information about attack
https://www.welivesecurity.com/2018/10/ ... installed/
HOW TO: How to clear the server from ChachaDDoS
Top
Locked
  • Print view
1 post • Page 1 of 1

Return to “Updates”



  • Board index
  • All times are UTC
  • Delete all board cookies
  • The team
Powered by phpBB® Forum Software © phpBB Limited
*Original Author: Brad Veryard
*Updated to 3.2 by MannixMD
 

 

Login  •  Register

I forgot my password