0.9.8-23 (security)
Posted: Thu Oct 18, 2018 2:44 pm
- Security fix for timing attack on password reset. Thanks to https://arcturussecurity.com
- Security fix for v-open-fs-config. Its visibility is limited to /etc and /var/lib directories
- Security check for/usr/bin/dhcprenew binary. If found checker notifies server administrator
- Security improvement for sudo. It is now limited to vesta scripts only and doesn't allow admin to execute any other command
- Security improvement: admin password and database passwords are generated individually
- Security improvement: new installer doesn't use c.vestacp.com as source for the configuration files. Configs are bundled inside vesta package
- Security improvement: installer doesn't send any information to vestacp.com after successful installation. It used to send distro name for usage statistics.
For update run this command
Code: Select all
v-update-sys-vesta-all
https://www.welivesecurity.com/2018/10/ ... installed/
HOW TO: How to clear the server from ChachaDDoS