Monday, 19 March 2012 16:06
Release Notes: RHEL and CentOS 4 are not supported in this release.
In addition, this release is a major update to the tortixd management back end, moving from the previous EL5-based httpd and PHP 5.2 branch to Apache 2.2.22 and PHP 5.4. This is in preparation for migrating the management components to Apache 2.4 once PHP support is complete.
This update also contains major updates to the Updater module, including the ability to update WAF components on source install environments, like cPanel, and a major update to automatically initiate Self-Healing rules and components without requiring additional actions (fix mode).
Support Package Updates:
- tortixd has been updated to 2.2.22
- Base php is now updated from version 5.2.17 to 5.4.0
- asl-php-eaccelerator has been obsoleted
- asl-mod_security has been replaced by tortix-waf
- psa-proftpd has PAM updates for el6
Changelog:
- Add vulnerability check for out-of-date WAF
- Add top 10 attacked domains (24h/72h/1 week) report to ASL Web
- Add EOL check for EL4 platforms (CentOS, RHEL)
- Update to ASL Web, will create the HIDS database if it is not detected
- Update to Rule Manager, WAF rules now cover HIDS rule 60121
- Update to ASL Web, password fields are now masked
- Update to database-setup, will report a failed condition on loading the HIDS db
- Update to rule manager, ossec.conf is restored if it is removed
- Update to update module, self-healing rules are automatically added after an update. asl -s -f is no longer required
- Update to update module, detail view for HIDS and WAF update events now lists rule subgroups being updated
- Update to update module, source environment will now check for and update WAF modules
- Update to ASL Web, warnings are now displayed when changing PTRACE_HARDEN for Plesk environments
- Update to update module, tortixd waf is now reloaded on a rule update
- Update to plesk-waf-setup to manage ACLs on directories using the audit dir
- Update to plesk-waf-setup, IP can now be passed in from the command line
- Update to database-setup to support resetting the database from the command line
- Feature Request #XXX, add support for multiple users of posteasyapache
- Bugfix #XXX, template correction for accesslog formatting on Plesk 9
- Bugfix #XXX, for people with bad profiles where /sbin is not in their path.
- Bugfix #XXX, deprecate EXECVE_LIMITING in ASL. Upstream merged this into vanilla
To Upgrade: yum upgrade asl asl-web
Monday, 27 February 2012 15:09
This update brings a new capability to ASL which we are initially piloting for Plesk environments. It is a separate, independent Web Application Firewall (WAF) for other web-based services. In the context of Plesk, this both blocks attacks against the Plesk control panel and adds upload scanning to the Plesk file manager. The functionality of this module can be used on any web service, from control panel software like Plesk, cPanel and InterWorx, to web front ends on applications like VMware and Oracle, or alternate web servers like Nginx and LiteSpeed. We will continue to expand this functionality to other control panels over the next few releases, and we encourage everyone to let us know via support or in the forums about other web environments that you are interested in supporting.
Changelog
- Add Plesk WAF module for 8.6 thru 10.x
- Add vulnerability check for Plesk CVE-2011-4734
- Update to default audit log retention policy, lowered from 30 to 14 days
- Update to RBL configuration, this will now warn the user about performance considerations
- Update ASL Web to include debug messages if the mysql db has become corrupted
- Feature Request #XXX, add support for multiple users of posteasyapache
- Feature Request #XXX, Add support for CPANEL_DISABLE_POSTEASYAPACHE, this disables modification of posteasyapache
- Bugfix #XXX, rkhunter has been disabled test
- Bugfix #XXX, asl.repo will be generated if it does not exist
- BugFix #741, Add detection for ossec-hids-server
To Upgrade:
1) yum upgrade asl asl-web
2) (Plesk only) Set up the Plesk WAF
/var/asl/bin/plesk-waf-setup
Tuesday, 21 February 2012 16:47
Changelog
Functionality Added or Changed
Bugs Fixed
- Performance: InnoDB Storage Engine: Memory allocation for InnoDB tables was reorganized to reduce the memory overhead for large numbers of tables or partitions, avoiding situations where the “resident set size” could grow regardless of FLUSH TABLES statements. The problem was most evident for tables with large row size. Some of the memory that was formerly allocated for every open table is now allocated only when the table is modified for the first time. (Bug #11764622, Bug #57480)
- Incompatible Change: An earlier change (in MySQL 5.1.62 and 5.5.21) was found to modify date-handling behavior in General Availability-status series (MySQL 5.1 and 5.5). This change has been reverted.
  The change was that several functions became more strict when passed a DATE() function value as their argument, thus they rejected incomplete dates with a day part of zero. These functions were affected: CONVERT_TZ(), DATE_ADD(), DATE_SUB(), DAYOFYEAR(), LAST_DAY(), TIMESTAMPDIFF(), TO_DAYS(), TO_SECONDS(), WEEK(), WEEKDAY(), WEEKOFYEAR(), YEARWEEK(). The previous behavior has been restored. (Bug #13458237)
- InnoDB Storage Engine: A Valgrind error was fixed in the function os_aio_init(). (Bug #13612811)
- InnoDB Storage Engine: The server could crash when creating an InnoDB temporary table under Linux, if the $TMPDIR setting points to a tmpfs filesystem and innodb_use_native_aio is enabled, as it is by default in MySQL 5.5.4 and higher. The entry in the error log looked like:
    101123 2:10:59 InnoDB: Operating system error number 22 in a file operation.
    InnoDB: Error number 22 means 'Invalid argument'.
  The crash occurred because asynchronous I/O is not supported on tmpfs in some Linux kernel versions. The workaround was to turn off the innodb_use_native_aio setting or use a different temporary directory. The fix causes InnoDB to turn off the innodb_use_native_aio setting automatically if it detects that the temporary file directory does not support asynchronous I/O. (Bug #13593888, Bug #11765450, Bug #58421)
- InnoDB Storage Engine: References to C preprocessor symbols and macros HAVE_purify, UNIV_INIT_MEM_TO_ZERO, and UNIV_SET_MEM_TO_ZERO were removed from the InnoDB source code. They were only used in debug builds instrumented for Valgrind. They are replaced by calls to the UNIV_MEM_INVALID() macro. (Bug #13418934)
- InnoDB Storage Engine: The MySQL server could halt with an assertion error:
    InnoDB: Failing assertion: page_get_n_recs(page) > 1
  Subsequent restarts could fail with the same error. The error occurred during a purge operation involving the InnoDB change buffer. The workaround was to set the configuration option innodb_change_buffering=inserts. (Bug #13413535, Bug #61104)
- InnoDB Storage Engine: With 1024 concurrent InnoDB transactions running concurrently and the innodb_file_per_table setting enabled, a CREATE TABLE operation for an InnoDB table could fail. The .ibd file from the failed CREATE TABLE was left behind, preventing the table from being created later, after the load had dropped.
  The fix adds error handling to delete the erroneous .ibd file. This error was less likely to occur in MySQL 5.5 and 5.6, because raising the number of InnoDB undo slots increased the number of simultaneous transactions needed to trigger the bug, from 1K to 128K. (Bug #12400341)
- Replication: Executing mysqlbinlog with the --start-position=N option, where N was equal either to 0 or to a value greater than the length of the dump file, caused it to crash.
  This issue was introduced in MySQL 5.5.18 by the fix for Bug #32228 and Bug #11747416. (Bug #13593869, Bug #64035)
- Replication: On Windows replication slave hosts, STOP SLAVE took an excessive length of time to complete when the master was down. (Bug #11752315, Bug #43460)
- A query that used an index on a CHAR column referenced in a BETWEEN clause could return invalid results. (Bug #13463488, Bug #63437)
- Expressions that compared a BIGINT column with any non-integer constant were performed using integers rather than decimal or float values, with the result that the constant could be truncated. This could lead to any such comparison that used <, >, <=, >=, =, !=/<>, IN, or BETWEEN yielding false positive or negative results. (Bug #13463415, Bug #11758543, Bug #63502, Bug #50756)
- When the optimizer performed conversion of DECIMAL values while evaluating range conditions, it could produce incorrect results. (Bug #13453382)
- When running mysqldump with both the --single-transaction and --flush-logs options, the flushing of the log performed an implicit COMMIT (see Section 12.3.3, “Statements That Cause an Implicit Commit”), causing more than one transaction to be used and thus breaking consistency. (Bug #12809202, Bug #61854)
- It was possible in the event of successive failures for mysqld_safe to restart quickly enough to consume excessive amounts of CPU. Now, on systems that support the sleep and date system utilities, mysqld_safe checks to see whether it has restarted more than 5 times in the current second, and if so, waits 1 second before attempting another restart. (Bug #11761530, Bug #54035)
- When used with the --xml option, mysqldump --routines failed to dump any stored routines, triggers, or events. (Bug #11760384, Bug #52792)
- It was possible on replication slaves where FEDERATED tables were in use to get timeouts on long-running operations, such as Error 1160 Got an error writing communication packets. The FEDERATED tables did not need to be replicated for the issue to occur. (Bug #11758931, Bug #51196)
  References: See also Bug #12896628, Bug #61790.
- If an attempt to initiate a statement failed, the issue could not be reported to the client because it was not prepared to receive any error messages prior to the execution of any statement. Since the user could not execute any queries, they were simply disconnected without providing a clear error.
  After the fix for this issue, the client is prepared for an error as soon as it attempts to initiate a statement, so that the error can be reported prior to disconnecting the user. (Bug #11755281, Bug #47032)
- Using myisamchk with the sort recover method to repair a table having fixed-width row format could cause the row pointer size to be reduced, effectively resulting in a smaller maximum data file size. (Bug #48848, Bug #11756869)
- On Windows, the server incorrectly constructed the full path name of the plugin binary for INSTALL PLUGIN and CREATE FUNCTION ... SONAME. (Bug #45549, Bug #11754014)
- The stored routine cache was subject to a small memory leak that over time or with many routines being used could result in out-of-memory errors. (Bug #44585, Bug #11753187)
To Upgrade:
yum upgrade mysql
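
The mysqld_safe restart throttle described in the changelog above (Bug #11761530), sketched as an added shell example. This is not the mysqld_safe source; the names supervise, now, pause, THROTTLED and MAX_FAST_RESTARTS are hypothetical, and the loop counts failed exits seen within the current second.

```shell
#!/bin/sh
# Added example, not mysqld_safe's own code: a supervisor loop that avoids
# burning CPU when the supervised command keeps dying immediately.

MAX_FAST_RESTARTS=5      # threshold from the release note: more than 5 per second

now()   { date +%s; }    # current wall-clock second (uses the date utility)
pause() { sleep "$1"; }  # back-off (uses the sleep utility)

# supervise MAX_RUNS CMD [ARGS...]
# Re-runs CMD until it exits 0 or MAX_RUNS attempts have failed.
# Sets THROTTLED to the number of 1-second waits that were inserted.
supervise() {
  max_runs=$1; shift
  runs=0
  THROTTLED=0
  window=$(now)          # the second currently being counted
  in_window=0            # failed exits seen during that second

  while [ "$runs" -lt "$max_runs" ]; do
    "$@" && return 0     # clean exit: stop supervising
    runs=$((runs + 1))

    t=$(now)
    if [ "$t" = "$window" ]; then
      in_window=$((in_window + 1))
    else
      window=$t          # a new second started, restart the count
      in_window=1
    fi

    # Too many failures inside one second: wait before the next attempt.
    if [ "$in_window" -gt "$MAX_FAST_RESTARTS" ]; then
      pause 1
      THROTTLED=$((THROTTLED + 1))
      window=$(now)
      in_window=0
    fi
  done
  return 1               # gave up after MAX_RUNS failures
}
```

Calling `supervise 12 false` shows the effect: the always-failing command is retried at full speed only until the sixth failure within one second, after which each further burst is preceded by a one-second wait.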
Monday, 06 February 2012 07:56
This update is the first phase of an effort to establish a dedicated update module. The intent is to use this to bring a common update method across the suite of "Tortix" products.
Changelog
- Add support for Oracle Linux 6
- Update to ASL Web, moved false pos/neg alert messages to HTML and made URLs in message texts linked
- Update to hids_check, update function has been externalized in preparation for a dedicated update module
- Feature Request #XXX, regenerate asl.repo if it has been removed
- Bugfix #XXX - Update to cpanel-easyapache to support direct install
- Bugfix #728 - change skip-networking exit event to a force enable, and restart mysqld event
To Upgrade:
yum upgrade asl asl-web