Beiträge von Micha

Hallo,

dürfte nach Auskunft aus dem Serversupportforum an der fehlerhaften Version von plesk-proftpd liegen.

Schaue aber mal direkt auf den FTP-Server, dort sollte die Sicherungsdatei mit der richtigen Größe liegen. Allerdings werden die nicht mehr durch Plesk automatisch gelöscht.

Bis zur Lösung durch ein Pleskupdate mußte halt selber Hand anlegen und löschen. Die Sicherungsdateien gehen auch nur per Hand einzuspielen.

Kunden rücksichern:

./pleskrestore --restore /pfad/zur/backupdatei/<deinbackup>.tar -level client

Domain rücksichern:

./pleskrestore --restore /pfad/zur/backupdatei/<deinbackup>.tar -level domain

Package : icedove

As indicated in the Etch release notes, security support for the
Icedove version in the oldstable distribution (Etch) needed to be
stopped before the end of the regular security maintenance life cycle.

You are strongly encouraged to upgrade to stable or switch to a still
supported email client.

Package : icedove
Vulnerability : several vulnerabilities
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2009-0040 CVE-2009-0352 CVE-2009-0353 CVE-2009-0652
CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0776
CVE-2009-1302 CVE-2009-1303 CVE-2009-1307 CVE-2009-1832 CVE-2009-1392
CVE-2009-1836 CVE-2009-1838 CVE-2009-1841

Several remote vulnerabilities have been discovered in the Icedove
mail client, an unbranded version of the Thunderbird mail client. The
Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2009-0040

The execution of arbitrary code might be possible via a crafted PNG file
that triggers a free of an uninitialized pointer in (1) the png_read_png
function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
(MFSA 2009-10)

CVE-2009-0352

It is possible to execute arbitrary code via vectors related to the
layout engine. (MFSA 2009-01)

CVE-2009-0353

It is possible to execute arbitrary code via vectors related to the
JavaScript engine. (MFSA 2009-01)

CVE-2009-0652

Bjoern Hoehrmann and Moxie Marlinspike discovered a possible spoofing
attack via Unicode box drawing characters in internationalized domain
names. (MFSA 2009-15)

CVE-2009-0771

Memory corruption and assertion failures have been discovered in the
layout engine, leading to the possible execution of arbitrary code.
(MFSA 2009-07)

CVE-2009-0772

The layout engine allows the execution of arbitrary code ia vectors
related to nsCSSStyleSheet::GetOwnerNode, events, and garbage
collection. (MFSA 2009-07)

CVE-2009-0773

The JavaScript engine is prone to the execution of arbitrary code via
several vectors. (MFSA 2009-07)

CVE-2009-0774

The layout engine allows the execution of arbitrary code via vectors
related to gczeal. (MFSA 2009-07)

CVE-2009-0776

Georgi Guninski discovered that it is possible to obtain xml data via
an issue related to the nsIRDFService. (MFSA 2009-09)

CVE-2009-1302

The browser engine is prone to a possible memory corruption via several
vectors. (MFSA 2009-14)

CVE-2009-1303

The browser engine is prone to a possible memory corruption via the
nsSVGElement::BindToTree function. (MFSA 2009-14)

CVE-2009-1307

Gregory Fleischer discovered that it is possible to bypass the Same
Origin Policy when opening a Flash file via the view-source: scheme.
(MFSA 2009-17)

CVE-2009-1832

The possible arbitrary execution of code was discovered via vectors
involving "double frame construction." (MFSA 2009-24)

CVE-2009-1392

Several issues were discovered in the browser engine as used by icedove,
which could lead to the possible execution of arbitrary code.
(MFSA 2009-24)

CVE-2009-1836

Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential
man-in-the-middle attack, when using a proxy due to insufficient checks
on a certain proxy response. (MFSA 2009-27)

CVE-2009-1838

moz_bug_r_a4 discovered that it is possible to execute arbitrary
JavaScript with chrome privileges due to an error in the
garbage-collection implementation. (MFSA 2009-29)

CVE-2009-1841

moz_bug_r_a4 reported that it is possible for scripts from page content
to run with elevated privileges and thus potentially executing arbitrary
code with the object's chrome privileges. (MFSA 2009-32)

No CVE id yet

Bernd Jendrissek discovered a potentially exploitable crash when viewing
a multipart/alternative mail message with a text/enhanced part.
(MFSA 2009-33)

For the stable distribution (lenny), these problems have been fixed in
version 2.0.0.22-0lenny1.

As indicated in the Etch release notes, security support for the
Mozilla products in the oldstable distribution needed to be stopped
before the end of the regular Etch security maintenance life cycle.
You are strongly encouraged to upgrade to stable or switch to a still
supported mail client.

For the testing (squeeze) distribution these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 2.0.0.22-1.

We recommend that you upgrade your icedove packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny

Package : sork-passwd-h3
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-2360
Debian Bug : 536554

It was discovered that sork-passwd-h3, a Horde3 module for users to
change their password, is prone to a cross-site scripting attack via the
backend parameter.

For the oldstable distribution (etch), this problem has been fixed in
version 3.0-2+etch1.

For the stable distribution (lenny), this problem has been fixed in
version 3.0-2+lenny1.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 3.1-1.1.

We recommend that you upgrade your sork-passwd-h3 packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Package : ocsinventory-agent
Vulnerability : insecure module search path
Problem type : local
Debian-specific: no
Debian bug : 506416
CVE ID : CVE-2009-0667

It was discovered that the ocsinventory-agent which is part of the
ocsinventory suite, a hardware and software configuration indexing service,
is prone to an insecure perl module search path. As the agent is started
via cron and the current directory (/ in this case) is included in the
default perl module path the agent scans every directory on the system
for its perl modules. This enables an attacker to execute arbitrary code
via a crafted ocsinventory-agent perl module placed on the system.

The oldstable distribution (etch) does not contain ocsinventory-agent.

For the stable distribution (lenny), this problem has been fixed in
version 1:0.0.9.2repack1-4lenny1.

For the testing distribution (squeeze), this problem has been fixed in
version 1:0.0.9.2repack1-5

For the unstable distribution (sid), this problem has been fixed in
version 1:0.0.9.2repack1-5.

We recommend that you upgrade your ocsinventory-agent packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny

Package : ipplan
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-1732
Debian Bug : 530271

It was discovered that ipplan, a web-based IP address manager and
tracker, does not sufficiently escape certain input parameters, which
allows remote attackers to conduct cross-site scripting attacks.

For the stable distribution (lenny), this problem has been fixed in
version 4.86a-7+lenny1.

The oldstable distribution (etch) does not contain ipplan.

For the testing distribution (squeeze) this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 4.91a-1.1.

We recommend that you upgrade your ipplan packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny

Package : eggdrop
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-2807 CVE-2009-1789
Debian Bugs : 427157 528778

Several vulnerabilities have been discovered in eggdrop, an advanced IRC
robot. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2007-2807

It was discovered that eggdrop is vulnerable to a buffer overflow, which
could result in a remote user executing arbitrary code. The previous DSA
(DSA-1448-1) did not fix the issue correctly.

CVE-2009-1789

It was discovered that eggdrop is vulnerable to a denial of service
attack, that allows remote attackers to cause a crash via a crafted
PRIVMSG.

For the stable distribution (lenny), these problems have been fixed in
version 1.6.19-1.1+lenny1.

For the old stable distribution (etch), these problems have been fixed in
version 1.6.18-1etch2.

For the unstable distribution (sid), this problem has been fixed in
version 1.6.19-1.2

We recommend that you upgrade your eggdrop package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Package : nagios2, nagios3
Vulnerability : insufficient input validation
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-2288

It was discovered that the statuswml.cgi script of nagios, a monitoring
and management system for hosts, services and networks, is prone to a
command injection vulnerability. Input to the ping and traceroute parameters
of the script is not properly validated which allows an attacker to execute
arbitrary shell commands by passing a crafted value to these parameters.

For the oldstable distribution (etch), this problem has been fixed in
version 2.6-2+etch3 of nagios2.

For the stable distribution (lenny), this problem has been fixed in
version 3.0.6-4~lenny2 of nagios3.

For the testing distribution (squeeze), this problem has been fixed in
version 3.0.6-5 of nagios3.

For the unstable distribution (sid), this problem has been fixed in
version 3.0.6-5 of nagios3.

We recommend that you upgrade your nagios2/nagios3 packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny

Package : phpmyadmin
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-1150 CVE-2009-1151

Several remote vulnerabilities have been discovered in phpMyAdmin, a tool
to administer MySQL over the web. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2009-1150

Cross site scripting vulnerability in the export page allow for an
attacker that can place crafted cookies with the user to inject
arbitrary web script or HTML.

CVE-2009-1151

Static code injection allows for a remote attacker to inject arbitrary
code into phpMyAdmin via the setup.php script. This script is in Debian
under normal circumstances protected via Apache authentication.
However, because of a recent worm based on this exploit, we are patching
it regardless, to also protect installations that somehow still expose
the setup.php script.

For the old stable distribution (etch), these problems have been fixed in
version 2.9.1.1-11.

For the stable distribution (lenny), these problems have been fixed in
version 2.11.8.1-5+lenny1.

For the unstable distribution (sid), these problems have been fixed in
version 3.1.3.1-1.

We recommend that you upgrade your phpmyadmin package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Package : samba
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2009-1886 CVE-2009-1888

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file,
print, and login server. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2009-1886

The smbclient utility contains a formatstring vulnerability where
commands dealing with file names treat user input as format strings
to asprintf.

CVE-2009-1888

In the smbd daemon, if a user is trying to modify an access control
list (ACL) and is denied permission, this deny may be overridden if
the parameter "dos filemode" is set to "yes" in the smb.conf and the
user already has write access to the file.

The old stable distribution (etch) is not affected by these problems.

For the stable distribution (lenny), these problems have been fixed in
version 3.2.5-4lenny6.

The unstable distribution (sid), which is only affected by CVE-2009-1888,
will be fixed soon.

We recommend that you upgrade your samba package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny

Nein, diesmal muß ich passen

So läuft wieder alles, 50 MB sind als Uploadgröße auch erneut eingestellt.

Viel Spass noch damit.

Hat geklappt, jetzt fehlt noch die Zugangsdaten für Plesk.

Hallo,

kopiere mal die *ffmpeg Datei in das Verzeichniss /bin/ und ändere im ACP den Pfad auf /bin/ffmpeg und probiere noch mal.

Wenn vorher der Aufruf ffmpeg auf der Kommandozeile nicht ging, geht der nach den kopieren natürlich....

Ich komme aber nicht ins ACP, Passwort stimmt nicht?

Hallo,

konnte erst jetzt wegen Zeitmangel bei Dir installieren, aber ffmpeg ist nun drauf.

200083:/# ffmpeg
FFmpeg version SVN-r9676, Copyright (c) 2000-2007 Fabrice Bellard, et al.
configuration: --enable-libmp3lame --enable-libamr-nb
libavutil version: 49.4.1
libavcodec version: 51.40.4
libavformat version: 51.12.1
built on Jul 4 2009 18:09:05, gcc: 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)

Ich schaue noch ins ACP und dann sollte das wieder laufen.

Kannst Du auch neue hochladen?

Gut, aber wie äußert denn sich der Fehler?

So wie ich das jetzt verstanden habe funktioniert:

1. Die converter.php kann manuell aufgerufen werden und ein Video wird konvertiert.
2. Der cron läuft und wget ist Gast im Forum.

Gibt es eine Ausgabe in der output.txt oder in den error.logs vom apachen?

Schalte mal den Teamspeak ab und schaue mal was passiert.

Bei welchem Anbieter ist Sven denn?

Kleiner Hinweis noch, bei confixx dürfen die webs nicht als Admin web0 angelegt sein. Immer erst einen Reseller anlegen und mit diesem die webs.