Posts in Servers & Security

New vBulletin XSS Flaw Fix: vBulletin 3.7.1 PL2 and 3.6.10 PL2

Wednesday, June 18th, 2008

Jelsoft just announced a new patch level release for vBulletin 3.7.1 and 3.6.10. vBulletin 3.7.1 PL2 and 3.6.10 PL2 are intended to address the deeper issues behind the XSS flaw first noted in vBulletin 3.7.1 PL1 and 3.6.10 PL1. According to the Jelsoft release announcement, 3.7.1 PL2 and 3.6.10 PL2 fix an XSS flaw affecting the URL redirection system in vBulletin.


vBulletin XSS Flaw Fixed: 3.7.1 PL1 and 3.6.10 PL1

Monday, June 9th, 2008

Jelsoft has just announced a security update for vBulletin forum software that resolves a cross-site scripting (XSS) error. These are patch level fixes for the existing vBulletin 3.7.1 and 3.6.10 versions that focus on the XSS flaw.

According to the Jelsoft announcement:

…it is difficult to exploit the XSS flaw, and the potential for exposure and damage is limited…

However, the implications of the flaw are not entirely clear in the announcement. Has anybody out there had problems with this cross-site scripting error?

cPanel 11.23 Released

Wednesday, May 28th, 2008

cPanel just announced the release of cPanel 11.23, which focuses on some key issues with cPanel. According to cPanel’s blog announcement, the cPanel 11.23 release focuses on memory usage, mail efficiency, backups and users. cPanel server admins are getting pretty excited about the performance increases in cPanel VPS Optimized, and 11.23 addresses memory usage with VPS Optimized and Tailwatch.


vBulletin CSRF (vBulletin cross-site request forgery)

Thursday, April 24th, 2008

More fun in the Webmaster world of updates. Jelsoft today announced vBulletin 3.6.10, including various backported bugfixes from 3.7.0 but primarily to fix a cross-site request forgery (CSRF) in vBulletin 3.6.9.


cPanel VPS Optimized: Great taste, less memory

Saturday, April 5th, 2008

I just read about the new version of cPanel / WHM that is supposed to use much less memory on Virtual Private Servers (VPS). Aside from the obvious benefit of freeing up resources and improving performance and capacity, cPanel also points out the benefits of being more eco-friendly than standard cPanel releases. I’m not sure how efficiently cPanel VPS Optimized translates into less energy consumption, but I’ll just take their word for it. This is exciting news for me, because I run many domains hosted on multiple VPS with cPanel/WHM.


Horde Update to 3.1.7 & cPanel PHP application security model updates

Monday, March 10th, 2008

It was just announced that the Horde webmail application has been updated to version 3.1.7 to address the arbitrary file inclusion vulnerability found recently. cPanel has also performed upgrades in the PHP application security model for Horde, PHPMyAdmin, and PHPPGAdmin. It is recommended that all cPanel users update immediately. You can update with WHM under “Upgrade to Latest Version” or check your version with command line:


Zend Optimizer & EasyApache3 w/ PHP 5 & Apache 2

Friday, March 7th, 2008

After upgrading to PHP 5.2.5 and Apache 2.6.9 using the new easyapache3 scripts (WHM > Software > Apache Update) I was still left without Zend Optimizer. WHM and easyapache3 installed Zend Optimizer (located in /usr/local/Zend/lib/Optimizer-3.3.0/) but after some mucking about I made the mistake of running /scripts/installzendopt - previously used to install Zend Optimizer with a step-by-step installer.


Horde arbitrary file inclusion vulnerability

Friday, March 7th, 2008

Admins running cPanel w/ Horde should pay special attention to the security update released by cPanel. An arbitrary file inclusion vulnerability was discovered in the Horde webmail app and a patch is included in cPanel builds 11.18.2+ (11.19.2+ for EDGE).
