Appliance Update: thunderstonePatch-2.7

Post Reply
User avatar
mark
Site Admin
Posts: 5513
Joined: Tue Apr 25, 2000 6:56 pm

Appliance Update: thunderstonePatch-2.7

Post by mark »

An update is available for second generation Thunderstone Search Appliances (those purchased after Jan 2008): thunderstonePatch-2.7. This update contains the following fixes and features:

* Add diagnostics to the console menu: Ping, Traceroute, DNS lookup,
Page fetch, system load and processes, RAID info.
* Fix protocol and cipher setting for webmin and apache.
* Fix webmin NTP config editing. Remove carriage returns on save and
escape HTML in display.
* Fix webmin to restart vhttpd on DNS edit so a reboot is not required.
* Fix webmin View processes and View logs to escape HTML.
* Fix webmin Restart Texis to include vhttpd on port 19900 (connectors).
* Fix webmin license install to prevent subsequent console warnings.
* Make sure stuck vhttpd goes away after watchdog kills it.

The update is available from the Maintenance -> Update Software menu option. If the update applies to your version of the appliance it will show up in the list. If the update doesn't show up in the list it does not apply to your appliance and no update is needed.
User avatar
mark
Site Admin
Posts: 5513
Joined: Tue Apr 25, 2000 6:56 pm

Appliance Update: thunderstonePatch-2.7

Post by mark »

This is an important patch for anyone using NTP with internet access. If you've edited your NTP configuration before this patch you may be vulnerable to NTP reflection/amplification attacks. The fix is to install this patch and re-edit your NTP config and restart ntpd. Be sure the "restrict default" line contains "noquery" as per default.

A workaround for those without this patch is to add a comment to the end of every line and restart ntpd. e.g.:
restrict default kod nomodify notrap nopeer noquery #IGNCR
Post Reply