DirectAdmin 1.57.3 has been released

Hello,

DirectAdmin is pleased to announce the release of DirectAdmin 1.57.3.

All Changes:
directadmin.com/versions.php?version=1.573

New Features:

Bugs / Security:

Source: DirectAdmin

Critical root vulnerability on server [CVE-2019-10149 Exim <4.92]

Today I received an email from Linux Malware Detect Software on the vulnerability of my server and would like to share with you how to resolve this issue. Below is the content of the email.

Important security notice,
The Linux Malware Detect installation running on server has
detected that you may be vulnerable to a critical remote code execution
vulnerability. The currently installed version of Exim MTA v4 improperly
validates recipient addresses and can allow malicious code execution to
take place. This may provide a path for malicious actors to gain root
access, remotely, to this system. This vulnerability currently has known
exploits circulating with both targeted and automated compromises taking
place against vulnerable systems.

Please upgrade Exim to version 4.92 or a known patched earlier version
immediately. Alternatively, if upgrading is not an immediate option,
consider disabling the Exim MTA service as soon as possible.

Disable Exim:

touch /etc/eximdisable
service exim stop
systemctl disable exim
chkconfig exim off

Upgrade Exim:
1. DirectAdmin:

cd /usr/local/directadmin/custombuild
./build update
./build set exim yes
./build set eximconf yes
./build update
./build exim
./build exim_conf

2. cPanel https://documentation.cpanel.net/display/CKB/CVE-2019-10149+Exim

RedHat / CentOS
https://pkgs.org/download/exim

Further reading:
https://blog.cpanel.com/exim-cve-2019-10149-protect-yourself/
https://documentation.cpanel.net/display/CKB/CVE-2019-10149+Exim
https://www.exim.org/static/doc/security/CVE-2019-10149.txt
https://access.redhat.com/security/cve/cve-2019-10149
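
A quick way to confirm whether a server still needs the upgrade described in the notice above. This is an added example, not part of the original email or of DirectAdmin's tooling; the function names and the sample banners are constructed for illustration, and the 4.92 threshold is the one given in the notice.

```shell
#!/bin/sh
# Added example: flag Exim builds older than 4.92 (the fixed release named above).

# Pull MAJOR.MINOR out of the first line of `exim -bV` output.
exim_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^Exim version \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Print ok | needs-upgrade | unknown for a version such as 4.91 or 4.92.3.
exim_cve_2019_10149_status() {
    case "$1" in *.*) ;; *) echo unknown; return 0 ;; esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}   # drop a patch level (".3") or suffix ("_RC1")
    case "$major" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    [ -n "$minor" ] || { echo unknown; return 0; }
    if [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 92 ]; }; then
        echo ok
    else
        # A distro may backport the fix without changing the version number,
        # so confirm against the vendor advisory before treating this as final.
        echo needs-upgrade
    fi
}

# Constructed sample banners, not captured from a real host.
for banner in \
    'Exim version 4.91 #1 built 13-Jun-2019 10:22:33' \
    'Exim version 4.92 #2 built 14-Jun-2019 09:01:12' \
    'not an exim banner'
do
    v=$(exim_version_from_banner "$banner")
    printf '%-48s -> %s\n' "$banner" "$(exim_cve_2019_10149_status "$v")"
done

# On a real server, also check the installed binary if there is one.
if command -v exim >/dev/null 2>&1; then
    v=$(exim_version_from_banner "$(exim -bV 2>/dev/null)")
    echo "installed exim ${v:-unknown}: $(exim_cve_2019_10149_status "$v")"
fi
```

Run it again after `./build exim` to confirm the new binary reports 4.92 or later.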

How to disable Let’s Encrypt for the hostname

If you want to replace the certificate for your hostname with a custom certificate but you had enabled Let’s Encrypt, you will need to disable Let’s Encrypt for the hostname first. The following commands let DirectAdmin know that it does not need to renew the Let’s Encrypt certificate. This is required because DirectAdmin will renew the certificate +/- 60 days after the last renewal, even when the Let’s Encrypt certificate is not installed.

rm -rf /usr/local/directadmin/data/users/user_name/domains/domain_name.lt.san_config
rm -rf /usr/local/directadmin/data/users/user_name/domains/domain_name.lt.cert.creation_time

ERROR: version of exim_conf_46 not found in versions.txt!

Hi,
I get the following error when running

cd /usr/local/directadmin/custombuild
./build clean
./build update
./build versions
./build update_versions

Try to execute these commands and the problem should be resolved.

cd /usr/local/directadmin/custombuild
./build update
./build set exim yes
./build set eximconf yes
./build set eximconf_release 4.5
./build set spamassassin yes
./build update
./build exim
./build exim_conf

DirectAdmin 1.55.0 has been released

Hello,

DirectAdmin is pleased to announce the release of DirectAdmin 1.55.0.

This is a major release with many new features and many bugfixes.
The full list of changes can be found here:
https://www.directadmin.com/versions.php?version=1.550

Some of the notable items:

Changes


Features


Bug-fixes

Enjoy!

John

Source: DirectAdmin

YUM: undefined symbol: CRYPTO_set_locking_callback

There was a problem importing one of the Python modules
required to run yum. The error leading to this problem was:

/usr/lib64/python2.6/site-packages/pycurl.so: undefined symbol: CRYPTO_set_locking_callback

Please install a package which provides this module, or
verify that the module is installed correctly.

It’s possible that the above module doesn’t match the
current version of Python, which is:
2.6.6 (r266:84292, Aug 18 2016, 15:13:37)
[GCC 4.4.7 20120313 (Red Hat 4.4.7-17)]

If you cannot solve this problem yourself, please go to
the yum faq at:
http://yum.baseurl.org/wiki/Faq


Error building curl 7.62.0 on Directadmin server against OpenSSL 1.0.1

If you have a custom installation of cURL to support HTTP/2 and the recent version 7.62.0 fails to build with the error:

vtls/openssl.c: In function 'Curl_ossl_seed':
vtls/openssl.c:454:5: error: implicit declaration of function 'RAND_egd' [-Werror=implicit-function-declaration]
     int ret = RAND_egd(data->set.str[STRING_SSL_EGDSOCKET]?
     ^
cc1: some warnings being treated as errors
Makefile:2425: recipe for target 'vtls/libcurl_la-openssl.lo' failed
make[2]: *** [vtls/libcurl_la-openssl.lo] Error 1
make[2]: Leaving directory '/usr/local/directadmin/custombuild/curl-7.62.0/lib'
Makefile:1028: recipe for target 'all' failed
make[1]: *** [all] Error 2
make[1]: Leaving directory '/usr/local/directadmin/custombuild/curl-7.62.0/lib'
Makefile:929: recipe for target 'all-recursive' failed
make: *** [all-recursive] Error 1

*** The make has failed, would you like to try to make again? (y,n): 

we’ve got a solution for you.


Security & bug fix releases PHP 5.6.37, 7.0.31, 7.1.20, 7.2.8

The PHP development team announces the immediate availability of PHP 5.6.37. This is a security release. Several security bugs have been fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 7.0.31. This is a security release. Several security bugs have been fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 7.1.20. This is a security release. Several security bugs have been fixed in this release. All PHP 7.1 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 7.2.8. This is a security release which also contains several minor bug fixes. All PHP 7.2 users are encouraged to upgrade to this version.