08Oct

Secure Email (IMAP, POP3 and SMTP)


We’re excited to announce that all Mr.Host email servers have been upgraded to support secure encrypted email, for both receiving (POP3 and IMAP), and sending (SMTP) email.

We’ve included support for both TLS (STARTTLS) and SSL, as support between email clients can vary. If you’re not sure what this means, just rest assured, if your email client supports encrypted email, it will work with our system.

Technical Details

We support TLS (STARTTLS) on the standard email ports – 110 for POP3, 143 for IMAP and 587 for SMTP. This should be what customers use by default, as it requires the least number of changes in your email clients.

We also support POP3s on port 995, IMAPs on port 993 and SMTPs on port 465.

How to Upgrade

We’ve added a Knowledge Base article with details on how to enable encrypted email in the most common email clients. It’s available here:

http://mrhost.ca/system/knowledge-base/email-mailing-lists/e-mail-client-setup/secure-email-using-ssl-with-imap-pop-and-smtp/

If you have any questions or need help configuring your email client, you can contact us @ help@mrhost.ca

 

10Sep

Apache 2.2.20 Upgrade


This evening, all Mr.Host web servers were upgraded to Apache 2.2.20.

This version is principally a security (CVE-2011-3192) and bugfix release .

Changes with Apache 2.2.20

  • SECURITY: CVE-2011-3192 (cve.mitre.org) core: Fix handling of byte-range requests to use less memory, to avoid denial of service. If the sum of all ranges in a request is larger than the original file, ignore the ranges and send the complete file. PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]
  • mod_authnz_ldap: If the LDAP server returns constraint violation, don’t treat this as an error but as “auth denied”. [Stefan Fritsch]
  • mod_filter: Fix FilterProvider conditions of type “resp=” (response headers) for CGI. [Joe Orton, Rainer Jung]
  • mod_reqtimeout: Fix a timed out connection going into the keep-alive state after a timeout when discarding a request body. PR 51103. [Stefan Fritsch]
  • core: Do the hook sorting earlier so that the hooks are properly sorted for the pre_config hook and during parsing the config. [Stefan Fritsch]
26Aug

PHP 5.3.8 Upgrade


This evening all Mr.Host web servers have been upgraded to PHP 5.3.8

This release fixes two issues introduced in the PHP 5.3.7 release:

  • Fixed bug #55439 (crypt() returns only the salt for MD5)
  • Reverted a change in timeout handling restoring PHP 5.3.6 behavior, which caused mysqlnd SSL connections to hang (Bug #55283).
19Aug

PHP 5.3.7 Upgrade


This evening all Mr.Host web servers have been upgraded to PHP 5.3.7

Security Enhancements and Fixes in PHP 5.3.7:

  • Updated crypt_blowfish to 1.2. (CVE-2011-2483)
  • Fixed crash in error_log(). Reported by Mateusz Kocielski
  • Fixed buffer overflow on overlog salt in crypt().
  • Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)
  • Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
  • Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)

Key enhancements in PHP 5.3.7 include:

  • Upgraded bundled Sqlite3 to version 3.7.7.1
  • Upgraded bundled PCRE to version 8.12
  • Fixed bug #54910 (Crash when calling call_user_func with unknown function name)
  • Fixed bug #54585 (track_errors causes segfault)
  • Fixed bug #54262 (Crash when assigning value to a dimension in a non-array)
  • Fixed a crash inside dtor for error handling
  • Fixed bug #55339 (Segfault with allow_call_time_pass_reference = Off)
  • Fixed bug #54935 php_win_err can lead to crash
  • Fixed bug #54332 (Crash in zend_mm_check_ptr // Heap corruption)
  • Fixed bug #54305 (Crash in gc_remove_zval_from_buffer)
  • Fixed bug #54580 (get_browser() segmentation fault when browscap ini directive is set through php_admin_value)
  • Fixed bug #54529 (SAPI crashes on apache_config.c:197)
  • Fixed bug #54283 (new DatePeriod(NULL) causes crash).
  • Fixed bug #54269 (Short exception message buffer causes crash)
  • Fixed Bug #54221 (mysqli::get_warnings segfault when used in multi queries)
  • Fixed bug #54395 (Phar::mount() crashes when calling with wrong parameters)
  • Fixed bug #54384 (Dual iterators, GlobIterator, SplFileObject and SplTempFileObject crash when user-space classes don’t call the parent constructor)
  • Fixed bug #54292 (Wrong parameter causes crash in SplFileObject::__construct())
  • Fixed bug #54291 (Crash iterating DirectoryIterator for dir name starting with \0)
  • Fixed bug #54281 (Crash in non-initialized RecursiveIteratorIterator)
  • Fixed bug #54623 (Segfault when writing to a persistent socket after closing a copy of the socket)
  • Fixed bug #54681 (addGlob() crashes on invalid flags)
  • Over 80 other bug fixes.
For a full list of changes in PHP 5.3.7, see the ChangeLog.
20Mar

PHP 5.3.6 Upgrade


This evening all Mr.Host web servers have been upgraded to PHP 5.3.6.

Security Enhancements and Fixes in PHP 5.3.6:

  • Enforce security in the fastcgi protocol parsing with fpm SAPI.
  • Fixed bug #54247 (format-string vulnerability on Phar). (CVE-2011-1153)
  • Fixed bug #54193 (Integer overflow in shmop_read()). (CVE-2011-1092)
  • Fixed bug #54055 (buffer overrun with high values for precision ini setting).
  • Fixed bug #54002 (crash on crafted tag in exif). (CVE-2011-0708)
  • Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). (CVE-2011-0421)

Key enhancements in PHP 5.3.6 include:

  • Upgraded bundled Sqlite3 to version 3.7.4.
  • Upgraded bundled PCRE to version 8.11.
  • Added ability to connect to HTTPS sites through proxy with basic authentication using stream_context/http/header/Proxy-Authorization.
  • Added options to debug backtrace functions.
  • Changed default value of ini directive serialize_precision from 100 to 17.
  • Fixed Bug #53971 (isset() and empty() produce apparently spurious runtime error).
  • Fixed Bug #53958 (Closures can’t ‘use’ shared variables by value and by reference).
  • Fixed bug #53577 (Regression introduced in 5.3.4 in open_basedir with a trailing forward slash).
  • Over 60 other bug fixes.

For a full list of changes in PHP 5.3.6, see the ChangeLog.