skid wrote Sun Apr 08, 2018 10:26 pm
https://forum.vestacp.com/viewtopic.php?f=10&t=16556&start=260#p68893
The fix has been released just now!
As usually there are 3 ways to update your server:
1. Via web interface
- Login as admin
- Go to updates tab
- Click un update button under vesta package
2. Via package manager
- SSH as root to your server
- yum update / apt-get update && apt-get upgrade
3. Via GitHub
- SSH as root
- Install git / yum install git /apt-get install git
- Then run following commands
Code: Select all
cd $(mktemp -d)
git clone git://github.com/serghey-rodin/vesta.git
/bin/cp -rf vesta/* /usr/local/vesta/
Some information about this indecent. We still don't have working exploit for previous version. But we know for sure that the vector of attack was through a potentially unsecure password check method. Therefore we have completely rewrite password auth function. It's bullet proof now!
