
0.9.8-23 (security)

Posted: Thu Oct 18, 2018 2:44 pm
by imperio
  • Security fix for timing attack on password reset. Thanks to https://arcturussecurity.com
  • Security fix for v-open-fs-config. Its visibility is limited to /etc and /var/lib directories
  • Security check for /usr/bin/dhcprenew binary. If found, the checker notifies the server administrator
  • Security improvement for sudo. It is now limited to vesta scripts only and doesn't allow admin to execute any other command
  • Security improvement: admin password and database passwords are generated individually
  • Security improvement: new installer doesn't use c.vestacp.com as source for the configuration files. Configs are bundled inside vesta package
  • Security improvement: installer doesn't send any information to vestacp.com after successful installation. It used to send distro name for usage statistics.
Please update your servers as soon as possible.

To update, run this command:

v-update-sys-vesta-all

More information about the attack:
https://www.welivesecurity.com/2018/10/ ... installed/
HOW TO: How to clear the server from ChachaDDoS