LxCenter HyperVM & Kloxo Support

Forum




Forum: Fixed Bugs, Security Issues and Implemented Features
 Topic: Moving forward -> Kloxo / HyperVM
Moving forward -> Kloxo / HyperVM [message #71603] Fri, 30 October 2009 15:29
Peter, Denmark
Messages: 149
Registered: August 2007
Valuable Member
LxCenter Advisor
Just my two or three cents.

The website lxcenter.org boasts Kloxo is super software, i.e. safe. It should say it's unsafe - which should keep new people from downloading and installing it.

KILL installapp - there aren't people to keep it updated. Let other installscripts build integration when/if Kloxo gets running.

Release Kloxo as open source, and see if anyone picks it up (either the community or others).

Nettuning Group (Danny) is the only one that has shown any kind of initiative, going above and beyond, when it comes to HyperVM and pushing development of LxCenter. Trim HyperVM so he (and perhaps others) can keep up. I would consider things like: moving away from Lighttpd (if it's true it is an LxCenter-specific package), focusing on OpenVZ, and cutting away Xen (I would have liked both, and Xen might even be better - but the latest Milw0rm exploit showed us that OpenVZ is what we can handle right now).

We don't need more people starting to run unsafe software - but keep a few of the old guys hanging around.

KISS design principle please.

[Updated on: Fri, 30 October 2009 15:30]


 Topic: Update your bind version
Update your bind version [message #69695] Fri, 31 July 2009 21:14
arthurthornton, United States
Messages: 2120
Registered: August 2007
Location: Virginia
Grandmaster
LxCenter Staff

This is indirectly related to Kloxo, as it is third party software, but dbmv brought it to our attention that there is a major vulnerability in bind.

It appears that two days ago (29 Jul 2009), CentOS released an updated version of bind in the repo.

It is HIGHLY recommended that you update to this release, and yes, it works with Kloxo.

If you use DNS in HyperVM and it uses bind, then update it with your HyperVM servers too:

yum update bind -y


[Updated on: Fri, 31 July 2009 21:14]


 Topic: horde security issue
horde security issue [message #62111] Mon, 13 April 2009 16:04
daguy, Canada
Messages: 115
Registered: August 2007
Location: canada
Valuable Member

Just a heads up: on one server (not lxlabs) I was hacked with a Horde vulnerability today...
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1491>
<http://cvs.horde.org/diff.php?f=horde%2Fservices%2Fhelp%2Findex.php&r1=2.85&r2=2.86>
 Topic: XSS issue in custom buttons and favorites.
XSS issue in custom buttons and favorites. [message #61819] Fri, 10 April 2009 13:48
Lxhelp
Messages: 23691
Registered: July 2006
The Champion

There was a silly XSS problem with custom buttons and favorites, where someone could add a <script> </script> as a button, which could make hyperVM/Lxadmin redirect the entire page to that particular page.

There is only one situation where it can be used as XSS: that's if admin very specifically logs in as another user.

Other than that this is not an issue, since only admin can add custom buttons, and only the logged in user can add favorites.

This has been fixed.

Please update hyperVM/Lxadmin to the latest version.






