02Jul

PHP 5.3.14 Upgrade


This evening all Mr.Host web servers have been upgraded to PHP 5.3.14. We missed a few updates between 5.3.10 and 5.3.14, so this post outlines all the changes since 5.3.10.

5.3.11

Security Enhancements for both PHP 5.3.11 and PHP 5.4.1:

    • Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
    • Add open_basedir checks to readline_write_history and readline_read_history.

Security Enhancement affecting PHP 5.3.11 only:

    • Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).

Key enhancements in these releases include:

    • Added debug info handler to DOM objects.
    • Fixed bug #61172 (Add Apache 2.4 support).

5.3.12, 5.3.13

These releases complete a fix for a vulnerability in CGI-based setups (CVE-2012-2311). Note: mod_php and php-fpm are not vulnerable to this attack.

PHP 5.4.3 fixes a buffer overflow vulnerability in apache_request_headers() (CVE-2012-2329). The PHP 5.3 series is not vulnerable to this issue.

5.3.14

The release fixes multiple security issues: a weakness in the DES implementation of crypt and a heap overflow issue in the phar extension.

PHP 5.4.4 and PHP 5.3.14 fix over 30 bugs. Please note that the use of php://fd streams is now restricted to the CLI SAPI.

For a full list of changes from PHP 5.3.10 to 5.3.14, see the ChangeLog.

16Oct

FTP Sub-Accounts


This weekend we’ve added a brand new feature to the Mr.Host system, available to all Mr.Host web hosting customers: multiple FTP sub-accounts.

You can now set up as many FTP sub-accounts on your existing Mr.Host account as you’d like, each with its own username and password. You can even limit access for an FTP sub-account to one of the websites you have configured on your account. This is helpful for customers who want to give FTP access to outside web developers, but don’t want to give out full access to their account.

We’ve also added the ability to disable FTP access on your main Mr.Host account. For security reasons, you can disable FTP access on your main account, and only use an FTP sub-account to manage content for your sites.

These new features are available now via the FTP section of the Customer Control Panel.

08Oct

Secure Email (IMAP, POP3 and SMTP)


We’re excited to announce that all Mr.Host email servers have been upgraded to support secure encrypted email, for both receiving (POP3 and IMAP), and sending (SMTP) email.

We’ve included support for both TLS (STARTTLS) and SSL, as support between email clients can vary. If you’re not sure what this means, rest assured: if your email client supports encrypted email, it will work with our system.

Technical Details

We support TLS (STARTTLS) on the standard email ports – 110 for POP3, 143 for IMAP and 587 for SMTP. This should be what customers use by default, as it requires the least number of changes in your email clients.

We also support POP3s on port 995, IMAPs on port 993 and SMTPs on port 465.

How to Upgrade

We’ve added a Knowledge Base article with details on how to enable encrypted email in the most common email clients. It’s available here:

http://mrhost.ca/system/knowledge-base/email-mailing-lists/e-mail-client-setup/secure-email-using-ssl-with-imap-pop-and-smtp/

If you have any questions or need help configuring your email client, you can contact us at help@mrhost.ca

 

10Sep

Apache 2.2.20 Upgrade


This evening, all Mr.Host web servers were upgraded to Apache 2.2.20.

This version is principally a security (CVE-2011-3192) and bugfix release.

Changes with Apache 2.2.20

  • SECURITY: CVE-2011-3192 (cve.mitre.org) core: Fix handling of byte-range requests to use less memory, to avoid denial of service. If the sum of all ranges in a request is larger than the original file, ignore the ranges and send the complete file. PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]
  • mod_authnz_ldap: If the LDAP server returns constraint violation, don’t treat this as an error but as “auth denied”. [Stefan Fritsch]
  • mod_filter: Fix FilterProvider conditions of type “resp=” (response headers) for CGI. [Joe Orton, Rainer Jung]
  • mod_reqtimeout: Fix a timed out connection going into the keep-alive state after a timeout when discarding a request body. PR 51103. [Stefan Fritsch]
  • core: Do the hook sorting earlier so that the hooks are properly sorted for the pre_config hook and during parsing the config. [Stefan Fritsch]
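
The byte-range rule from the CVE-2011-3192 entry above, sketched as an added example (not Apache's code and not part of the original post): each range is resolved against the file size, and the ranges are ignored in favour of the complete file when they sum to more than the file. The function names are hypothetical, and the handling of invalid and unsatisfiable headers follows general HTTP range semantics rather than anything stated in the changelog.

```python
import re

# Names here are illustrative; this is not Apache's implementation.
_SPEC = re.compile(r"^(\d*)-(\d*)$")

def parse_ranges(header, size):
    """Resolve a Range header to (first, last) byte pairs for a `size`-byte file.

    Returns None when the header is not a valid bytes range set, and a list
    (possibly empty) of satisfiable ranges otherwise.
    """
    unit, sep, specs = header.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    resolved = []
    for spec in specs.split(","):
        m = _SPEC.match(spec.strip())
        if not m or not (m.group(1) or m.group(2)):
            return None
        first, last = m.group(1), m.group(2)
        if not first:                       # suffix form "-N": the last N bytes
            if int(last) == 0:
                continue                    # unsatisfiable
            start, end = max(size - int(last), 0), size - 1
        else:
            start = int(first)
            end = int(last) if last else size - 1
            if last and end < start:
                return None                 # malformed spec invalidates the set
            if start >= size:
                continue                    # starts past end of file
            end = min(end, size - 1)
        resolved.append((start, end))
    return resolved

def plan_response(header, size):
    """Decide how to answer: 'partial', 'full' (ranges ignored) or 'unsatisfiable'."""
    ranges = parse_ranges(header, size) if size > 0 else None
    if ranges is None:
        return ("full", [])                 # invalid header or empty file: ignore it
    if not ranges:
        return ("unsatisfiable", [])
    total = sum(end - start + 1 for start, end in ranges)
    if total > size:
        return ("full", [])                 # the 2.2.20 rule: send the complete file
    return ("partial", ranges)
```
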

26Aug

PHP 5.3.8 Upgrade


This evening all Mr.Host web servers have been upgraded to PHP 5.3.8.

This release fixes two issues introduced in the PHP 5.3.7 release:

  • Fixed bug #55439 (crypt() returns only the salt for MD5)
  • Reverted a change in timeout handling that caused mysqlnd SSL connections to hang, restoring PHP 5.3.6 behavior (Bug #55283).