Security Upgrade Page
HVCN was off the air Tuesday July 2, and restored to normal service around noon on Wednesday, July 3.
During this 36 hour period of unplanned downtime, another round of software updates was applied,
and a number of recently announced security holes were plugged.
This was precipitated a recent spate of announced security problems
in the software that runs on HVCN, mostly in the operating system
and related components, and by attempts to exploit them, one of which
was regrettably successful. Because of this, the system was rebuilt from
clean file systems. Files modified since the last weekly backup were
checked manually and restored, so there should not be any loss of data.
Security Related Upgrades
These were the main motivation for the upgrade effort.
- OpenBSD was upgraded from 3.0 to 3.1 and all security
patches (except SSH, see next entry) announced since its release in May were applied.
Here is the full list of security patches
to OpenBSD 3.1. Note that the upgrade from 3.0 to 3.1 has updated
a large number
of software components that are distributed as part of OpenBSD.
- SSH was upgraded to version 3.4, eliminating the need to apply
SSH security patches to the OpenBSD 3.1 release. This fixes all known SSH
security issues.
- PHP was upgraded from 4.0.6p1 to 4.1.2 and the
configuration file was changed from the default settings, which are
appropriate for debugging, to the new recommended settings for a
production site. This changes PHP is a number of ways, most notably
by removing the automatic registering of form variables, thus improving
PHP security substantially, but people with PHP scripts may need to modify their code,
and need to contact webmaster
for details.
Incidental Software Upgrades
These were performed simply because it was a convenient time to do so.
- mysql (database) was upgraded from 3.23.42 to 3.23.49
- pth (GNU portable threads) was upgraded from 1.4.0p1 to 1.4.1
- perl5 DBI was upgraded from 1.20 to 1.21
- perl5 DBD drivers for mysql were upgraded from 1.22.16 to 1.22.19
- perl5 GNU Readline Library Wrapper Module was upgraded from 1.10 to 1.11
- perl5 Term-ReadKey modeule was upgraded from 2.14 to 2.18
- ntp (time synchronization) was upgraded from 4.1.71 to 4.1.72
- ispell (spell checker) was upgraded from 3.1.20 to 3.2.06
Although it has been extensively tested, this upgrade is a complex one,
and problems may appear unexpectedly. Further testing continues. If you
encounter a problem, please send all of the details to
webmaster@hvcn.org.
Return to the HVCN main menu
This page was last modified on July 6, 2002.
Please send comments to
webmaster@hvcn.org.