Author Topic: Checking for new Apache or PHP versions via command line?  (Read 7889 times)

0 Members and 2 Guests are viewing this topic.

Offline
*
Checking for new Apache or PHP versions via command line?
« on: March 19, 2019, 02:03:18 PM »
Is there a command to check whether there is an update of Apache and/or PHP available in CWP?

Apache:
Currently I have to go to CWPro Admin - WebServer settings - Apache Re-Build, and open the combobox there to check whether these is a new Apache version. The latest Apache is 2.3.38 since January, but CWPro only has 2.3.37 - I'm a bit concerned about security.

PHP:
Here I have to go to CWPro Admin - PHP Settings - PHP Version Switcher, and also open the combobox. PHP is up to date in CWP.

I would prefer a command line check, so I could write a cron script which warns me when a new version gets available. Checking manually every day is tiring.

Offline
*****
Re: Checking for new Apache or PHP versions via command line?
« Reply #1 on: April 02, 2019, 07:26:12 AM »
Hello.

At the moment you can do that via CWP only.
You can ask me to solve any problem with your server for some money in pm  ;)
Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor
Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp

Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Offline
*
Re: Checking for new Apache or PHP versions via command line?
« Reply #2 on: April 04, 2019, 09:33:16 AM »
Hi!

Do you think it could be done via a paid custom module, e.g. a module which sends an e-mail when a new Apache build is available?

Chris

Offline
*****
Re: Checking for new Apache or PHP versions via command line?
« Reply #3 on: April 05, 2019, 04:43:22 PM »
You can contact developers, but I do not sure if they will work with it.
You can ask me to solve any problem with your server for some money in pm  ;)
Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor
Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp

Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Offline
*
Re: Checking for new Apache or PHP versions via command line?
« Reply #4 on: April 05, 2019, 05:28:51 PM »
Need to be updated the apache we have in CWP, had a recent update of several GRAVES fixes found in APACHE, see:

Fixed in Apache httpd 2.4.39

important: Apache HTTP Server privilege escalation from modules' scripts (CVE-2019-0211)
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, executing code in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

Acknowledgments: The issue was discovered by Charles Fol.

Reported to security team 22nd February 2019
Issue public 1st April 2019
Affects 2.4.38, 2.4.37, 2.4.35, 2.4.34, 2.4.33, 2.4.30, 2.4.29, 2.4.28, 2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4 .20, 2.4.18, 2.4.17
important: mod_auth_digest access control bypass (CVE-2019-0217)
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

Acknowledgments: The issue was discovered by Simon Kappel.

Reported to security team 29th January 2019
Issue public 1st April 2019
Affects 2.4.38, 2.4.37, 2.4.35, 2.4.34, 2.4.33, 2.4.30, 2.4.29, 2.4.28, 2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4 .20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1 , 2.4.0
important: mod_ssl access control bypass (CVE-2019-0215)
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions.

Acknowledgments: The issue was discovered by Michael Kaufmann.

Reported to security team 23rd January 2019
Issue public 1st April 2019
Affects 2.4.38, 2.4.37
low: mod_http2, possible crash on late upgrade (CVE-2019-0197)
When HTTP / 2 was enabled for a http: // host or H2Upgrade was enabled for h2 on a https: host, an upgrade request from http / 1.1 to http / 2 that was not the first request on the connection could lead to misconfiguration and crash . The "H2Upgrade on" is unaffected by this. The server is not enabled by this protocol.

Acknowledgments: The issue was discovered by Stefan Eissing, greenbytes.de.

Reported to security team 29th January 2019
Issue public 1st April 2019
Affects 2.4.38, 2.4.37, 2.4.35, 2.4.34
low: mod_http2, read-after-free on a string compare (CVE-2019-0196)
Using fuzzed network input, the http / 2 request handling could be made to access freed memory in string comparision when determining the method of request and thus process the request incorrectly.

Acknowledgments: The issue was discovered by Craig Young, <vuln-report@secur3.us>.

Reported to security team 29th January 2019
Issue public 1st April 2019
Affects 2.4.38, 2.4.37, 2.4.35, 2.4.34, 2.4.33, 2.4.30, 2.4.29, 2.4.28, 2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4 .20, 2.4.18
low: Apache httpd URL normalization inconsistincy (CVE-2019-0220)
When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other processing aspects will implicitly collapse them.

Acknowledgments: The issue was discovered by Bernhard Lorenz <bernhard.lorenz@alphastrike.io> of Alpha Strike Labs GmbH.

Reported to security team January 2019
Issue public 1st April 2019
Affects 2.4.38, 2.4.37, 2.4.35, 2.4.34, 2.4.33, 2.4.30, 2.4.29, 2.4.28, 2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4 .20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1 , 2.4.0

Offline
*
Re: Checking for new Apache or PHP versions via command line?
« Reply #5 on: April 08, 2019, 04:32:46 PM »
Interesting, I just got this update via Yum manager:
cwp-httpd.x86_64    2.4.39-1    cwp

After installing, the page "WebServer settings" - "Apache rebuild" shows:
Server version: Apache/2.4.39 (Unix)
Server built:   Apr  5 2019 10:19:42

Although 2.4.39 isn't even available under "Select NEW Apache version:".
So at least we got the security update now, thanks CWP support!