Categories
Redis

Redis 2.4.7

Redis 2.4.7 has been released with these changes :

  • [BUGFIX] Fixed false positive in issue #141 regression test.
  • [BUGFIX] Slave should not expire keys when loading an RDB after a SYNC.
  • [BUGFIX] Don’t increment stats for key misses / hits when key is written.
  • [BUGFIX] sds.c library now doesn’t allocate more than 1MB ahead.
  • 32 bit instances without a maxmemory set now get a default limit of 3.5GB with maxmemory-policy set to noeviction.
  • Better crash report on crash (containing current client and command arguments).

The packages of Redis 2.4.7 are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures.

Categories
PHP

Security update : PHP 5.3.10

A few hours ago, PHP 5.3.10 was released by the PHP Group. It’s an important security update for PHP 5.3.9 users : Stefan Esser discovered a remotely exploitable bug, introduced with PHP 5.3.9’s max_input_vars directive (CVE-2012-0830). You really should upgrade as soon as possible.

Packages of PHP 5.3.10 are now available for :

  • both Debian 6.0 “Squeeze” and Debian 5.0 “Lenny”,
  • both amd64 and i386 architectures.

(Lenny packages will be available on php53.dotdeb.org for two weeks before being migrated to archives.dotdeb.org because of the end of Lenny’s security support)

Categories
PHP

Advisory : buffer overflow in php5-suhosin

A few days ago, Stefan Esser discovered a buffer overflow in the “transparent cookie encryption stack” of the Suhosin extension. Here is the full advisory.

If you previously installed the php5-suhosin package, you should upgrade to its fixed new version (0.9.33) by running :

apt-get update
apt-get install --reinstall php5-suhosin
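
To confirm the upgrades above actually landed across several hosts, the following added example (not Dotdeb's tooling or code from the original posts) compares installed versions from a saved package inventory against the fixed releases, using Debian's version ordering. The package name php5-common, the `~` floor suffix and the sample inventory are assumptions of this example.

```python
import re
from itertools import zip_longest

def _order(ch):
    # dpkg ordering: end of string is 0, '~' sorts below it, letters sort
    # before every other non-digit character.
    if ch is None or ch == "~":
        return 0 if ch is None else -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Walk alternating non-digit / digit runs; digit runs compare numerically.
    runs_a, runs_b = (re.findall(r"(\D*)(\d*)", s) for s in (a, b))
    for (ta, na), (tb, nb) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        for ca, cb in zip_longest(ta, tb):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        ia, ib = int(na or 0), int(nb or 0)
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen.
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def deb_cmp(a, b):
    """Return -1, 0 or 1: Debian version a is older than, equal to, newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

# Floors from the posts above. Assumptions of this example: the trailing '~'
# (accepts any packaging revision) and php5-common as the package to check.
FIXED = {"php5-suhosin": "0.9.33~", "php5-common": "5.3.10~"}

def outdated(inventory):
    """Names of packages installed below their fixed floor, sorted."""
    return sorted(p for p, v in inventory.items()
                  if p in FIXED and deb_cmp(v, FIXED[p]) < 0)

# Constructed inventory, e.g. parsed from saved `dpkg-query -W` output.
SAMPLE = {"php5-suhosin": "0.9.32.1-1~dotdeb.0", "redis-server": "2.4.7-1~dotdeb.0",
          "php5-common": "5.3.9-0~dotdeb.3"}
```

A plain string comparison would rank 5.3.10 below 5.3.9, and a bare floor of 0.9.33 would rank a build such as 0.9.33-0~dotdeb.0 as older than the fix, because `~` sorts before the end of the string.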

Categories
MySQL

Percona toolkit 2.0.2

A few days ago, Percona released a major version of their Percona toolkit (formerly named Maatkit), bringing a lot of improvements, especially on pt-table-checksum. Baron Schwartz wrote a post about it.

Percona toolkit 2.0.2 is now available on Dotdeb for :

  • both Debian 6.0 “Squeeze” and Debian 5.0 “Lenny”
  • both amd64 and i386 architectures

Categories
Redis

Redis 2.4.6

Redis 2.4.6 has been released with these changes :

  • [BUGFIX] Fixed issue #141 part 1: Possible protocol desyncs when clients send wrong protocol is now fixed. (See issue 141 for more details)
  • [BUGFIX] Fixed issue #141 part 2: Connection of multiple slaves used to result from time to time in a corrupted protocol being sent to slaves connected after the first one. (See issue 141 for more details)
  • [BUGFIX] Do not propagate DEBUG LOADAOF.
  • New INFO contains information such as ip/port/state for every connected slave.
  • Show GCC version in INFO output.

The packages of Redis 2.4.6 are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures.

Categories
PHP

PHP 5.3.9

On January 10th 2012, the PHP Group released PHP 5.3.9, which brings over 90 bug fixes, some of which are security related :

Security Enhancements and Fixes in PHP 5.3.9:

  • Added max_input_vars directive to prevent attacks based on hash collisions. (CVE-2011-4885)
  • Fixed bug #60150 (Integer overflow during the parsing of invalid exif header). (CVE-2011-4566)

Key enhancements in PHP 5.3.9 include:

  • Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to is_a and is_subclass_of).
  • Fixed bug #55609 (mysqlnd cannot be built shared)
  • Many changes to the FPM SAPI module

PHP 5.3.9 is now available on Dotdeb for :

  • both Debian 6.0 “Squeeze” and Debian 5.0 “Lenny”
  • both amd64 and i386 architectures

As usual, please read the ChangeLog before upgrading and be sure to use the latest packages before reporting any issue.

[edit] the packages have been updated to fix some Suhosin- and strtotime()-related issues. You really should upgrade at least :

  • to 5.3.9-0~dotdeb.3 if you’re running Squeeze
  • to 5.3.9-0~dotdeb.2 if you’re running Lenny

Categories
Redis

Redis 2.4.5

Redis 2.4.5 has been released with these changes :

  • [BUGFIX] Fixed a ZUNIONSTORE/ZINTERSTORE bug that can cause a NaN to be inserted as a sorted set element score. This happens when one of the elements has +inf/-inf score and the weight used is 0.
  • [BUGFIX] Fixed memory leak in CLIENT INFO.
  • [BUGFIX] Fixed a non critical SORT bug (Issue 224).
  • [BUGFIX] Fixed a replication bug: now the timeout configuration is respected during the connection with the master.
  • --quiet option implemented in the Redis test.

The packages of Redis 2.4.5 are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures.

Categories
MySQL

MySQL 5.5.19

The packages of MySQL 5.5.19 are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. They fix some annoying issues that Dotdeb users kindly reported :

  • the mysql-common package, in its 5.5.19+ version, “breaks” mysql-server-5.1 and mysql-client-5.1 (as APT means it – it won’t actually break your server into pieces). Freezing it will prevent any issue (the introduction of unknown configuration variables in their /etc/mysql/my.cnf, for example)
  • the MySQL client now uses the system’s readline library instead of the bundled editline wrapper
  • missing header files and libraries are now included in the appropriate packages

As usual, please read the full Changelog carefully before upgrading.

Categories
Nginx Passenger

Nginx 1.0.11 : Passenger 3.0.11 and Push stream support

Nginx 1.0.11 packages are now available :

  • for both Debian 6.0 “Squeeze” and 5.0 “Lenny”
  • for both amd64 and i386 architectures

Here are the changes on the Dotdeb side :

  • nginx-extras now includes the Push stream module, instead of the bogus HTTP Push. Please review your configuration.
  • nginx-extras now uses Passenger 3.0.11

Please take a look at Nginx’ and Passenger’s Changelogs before upgrading.

Categories
Miscellaneous

No more Debian 5.0 “Lenny” support after February 2012

The Debian project has announced in a security advisory (DSA-2360-1) that the security support for Debian GNU/Linux 5.0 “Lenny” will be terminated in February 2012 :

This is an advance notice that security support for Debian GNU/Linux 5.0 
(code name "lenny") will be terminated in two months.

The Debian project released Debian GNU/Linux 6.0 alias "squeeze" on the 
6th of February 2011. Users and distributors have been given a one-year 
timeframe to upgrade their old installations to the current stable 
release. Hence, the security support for the old release of 5.0 is going 
to end on the 6th of February 2012 as previously announced.

Previously announced security updates for the old release will continue 
to be available on security.debian.org.

FYI, Dotdeb will follow this decision and no new packages will be available for Debian 5.0 after February 2012. Don’t be sad, this will give me some free time to focus on PHP 5.4 packages and some more cool tools.

It’s now time to upgrade your last Lenny boxes…