WEBppliance Pro for Linux 3.5.17 :
WEBppliance Pro for Linux 3.5.17 is a Security Patch which resolves the following vulnerabilities :
You can install WEBppliance Pro for Linux 3.5.17 on WEBppliance Pro for Linux 3.5.16 ONLY.
Resolved Issues :
Transparent session ID support exposes PHP to cross-site-scripting attacks.
PHP supports "transparent session IDs", a feature that automatically embeds session IDs as part of URLs in a web page. However, these session IDs are not validated by PHP. The value of a session ID can be manipulated using the PHPSESSID URL parameter. This vulnerability exposes it to cross-site scripting attacks.
Advisory details for the security patch are available at the following URL:
WEBppliance Pro 3.5.17 includes a security patch to fix this vulnerability.
Users unable to connect to virtual domains using the SSH service
after upgrading to the latest version of SSH.
After upgrading to the latest version of the SSH (openssh-3.1p1-8), users are unable to connect successfully to virtual domains using the SSH service. A change in the authentication mechanism of the latest version of SSH causes the SSH connection to fail.
WEBppliance Pro 3.5.17 resolves this issues to enable successful SSH connections
to virtual domains.
To install the patch, please follow the instructions below:
FTP Download Location :
1. Download the file LS-3.5.17-2.tar.gz
2. Uncompress the file:
tar -xvzf LS-3.5.17-2.tar.gz
3. Change the current directory to the directory where you have uncompressed the file:
4. Run the following command
# sh ./patch-install-3.5.17-2.sh
The install script verifies the current installation of WEBppliance to ensure that it complies with the patch requirements and then upgrades the required RPMs (requires root access).
This install script will restart webppliance services automatically.